[keycloak-user] Brute Force Detection breaks Social login

Valerij Timofeev valerij.timofeev at gmail.com
Tue Jul 5 10:40:14 EDT 2016


Hi Bruno,

thank you for the check.
We are going to migrate our production setup from Keycloak 1.9.4 to Red Hat
SSO 7.0, which is based on Keycloak 1.9.8.
Direct migration to 2.0.0.Final would be for us too risky, but still an
option somewhen later.

@All,
any ideas for Keycloak 1.9.x? May be there is some setting we miss allowing
us to use both "peacefully".

Kind regards
Valerij

2016-07-05 15:59 GMT+02:00 Bruno Oliveira <bruno at abstractj.org>:

> Hi Valerij,
>
> I've tested against 2.0.0.Final right now and I couldn't reproduce your
> issue.
>
> I have brute force enabled by default here and Facebook configured
> exactly like described at the docs.
>
> Not sure how to reproduce your issue :/ Maybe, give 2.0.0.Final a try?
>
> On 2016-07-05, Valerij Timofeev wrote:
> > Hi all,
> >
> > it looks like the Brute Force Detection breaks Social login.
> >
> > I've:
> > 1) downloaded keycloak-demo-1.9.8.Final
> > 2) setup Facebook Identity provider
> > 3) successfully tested Facebook login
> > 4) activated Brute Force Detection with default values
> > 5) tested Facebook login: it fails with the error message: "Account is
> > disabled, contact admin."
> >
> > I wonder whether somebody has ever tested this combination.
> >
> >
> > Kind regards
> > Valerij Timofeev
>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160705/0e8863b8/attachment.html 


More information about the keycloak-user mailing list