[keycloak-user] Brute Force Detection breaks Social login

Bruno Oliveira bruno at abstractj.org
Tue Jul 5 10:59:02 EDT 2016 

I just completely tried in a fresh new browser profile and managed to
reproduce your issue. It happens with 1.9.x and Facebook accounts.

I've create da Jira for this: https://issues.jboss.org/browse/KEYCLOAK-3267


On 2016-07-05, Bruno Oliveira wrote:
> I've just downloaded and tried with 1.9.8 too, it works. Is this happening with
> all users? Have you considered to setup an isolated environment from
> scratch?
>
> On 2016-07-05, Valerij Timofeev wrote:
> > Hi Bruno,
> >
> > thank you for the check.
> > We are going to migrate our production setup from Keycloak 1.9.4 to Red Hat
> > SSO 7.0, which is based on Keycloak 1.9.8.
> > Direct migration to 2.0.0.Final would be for us too risky, but still an
> > option somewhen later.
> >
> > @All,
> > any ideas for Keycloak 1.9.x? May be there is some setting we miss allowing
> > us to use both "peacefully".
> >
> > Kind regards
> > Valerij
> >
> > 2016-07-05 15:59 GMT+02:00 Bruno Oliveira <bruno at abstractj.org>:
> >
> > > Hi Valerij,
> > >
> > > I've tested against 2.0.0.Final right now and I couldn't reproduce your
> > > issue.
> > >
> > > I have brute force enabled by default here and Facebook configured
> > > exactly like described at the docs.
> > >
> > > Not sure how to reproduce your issue :/ Maybe, give 2.0.0.Final a try?
> > >
> > > On 2016-07-05, Valerij Timofeev wrote:
> > > > Hi all,
> > > >
> > > > it looks like the Brute Force Detection breaks Social login.
> > > >
> > > > I've:
> > > > 1) downloaded keycloak-demo-1.9.8.Final
> > > > 2) setup Facebook Identity provider
> > > > 3) successfully tested Facebook login
> > > > 4) activated Brute Force Detection with default values
> > > > 5) tested Facebook login: it fails with the error message: "Account is
> > > > disabled, contact admin."
> > > >
> > > > I wonder whether somebody has ever tested this combination.
> > > >
> > > >
> > > > Kind regards
> > > > Valerij Timofeev
> > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > >
> > > --
> > >
> > > abstractj
> > > PGP: 0x84DC9914
> > >
>
> --
>
> abstractj
> PGP: 0x84DC9914

--

abstractj
PGP: 0x84DC9914

More information about the keycloak-user mailing list