[keycloak-user] Brute Force Detection breaks Social login
Stian Thorgersen
sthorger at redhat.com
Tue Jul 5 13:22:59 EDT 2016
Thanks Bruno.
I've added an RH-SSO issue and scheduled it to be included in RH-SSO 7.0.1.
On 5 July 2016 at 16:59, Bruno Oliveira <bruno at abstractj.org> wrote:
> I just completely tried in a fresh new browser profile and managed to
> reproduce your issue. It happens with 1.9.x and Facebook accounts.
>
> I've create da Jira for this:
> https://issues.jboss.org/browse/KEYCLOAK-3267
>
>
> On 2016-07-05, Bruno Oliveira wrote:
> > I've just downloaded and tried with 1.9.8 too, it works. Is this
> happening with
> > all users? Have you considered to setup an isolated environment from
> > scratch?
> >
> > On 2016-07-05, Valerij Timofeev wrote:
> > > Hi Bruno,
> > >
> > > thank you for the check.
> > > We are going to migrate our production setup from Keycloak 1.9.4 to
> Red Hat
> > > SSO 7.0, which is based on Keycloak 1.9.8.
> > > Direct migration to 2.0.0.Final would be for us too risky, but still an
> > > option somewhen later.
> > >
> > > @All,
> > > any ideas for Keycloak 1.9.x? May be there is some setting we miss
> allowing
> > > us to use both "peacefully".
> > >
> > > Kind regards
> > > Valerij
> > >
> > > 2016-07-05 15:59 GMT+02:00 Bruno Oliveira <bruno at abstractj.org>:
> > >
> > > > Hi Valerij,
> > > >
> > > > I've tested against 2.0.0.Final right now and I couldn't reproduce
> your
> > > > issue.
> > > >
> > > > I have brute force enabled by default here and Facebook configured
> > > > exactly like described at the docs.
> > > >
> > > > Not sure how to reproduce your issue :/ Maybe, give 2.0.0.Final a
> try?
> > > >
> > > > On 2016-07-05, Valerij Timofeev wrote:
> > > > > Hi all,
> > > > >
> > > > > it looks like the Brute Force Detection breaks Social login.
> > > > >
> > > > > I've:
> > > > > 1) downloaded keycloak-demo-1.9.8.Final
> > > > > 2) setup Facebook Identity provider
> > > > > 3) successfully tested Facebook login
> > > > > 4) activated Brute Force Detection with default values
> > > > > 5) tested Facebook login: it fails with the error message:
> "Account is
> > > > > disabled, contact admin."
> > > > >
> > > > > I wonder whether somebody has ever tested this combination.
> > > > >
> > > > >
> > > > > Kind regards
> > > > > Valerij Timofeev
> > > >
> > > > > _______________________________________________
> > > > > keycloak-user mailing list
> > > > > keycloak-user at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >
> > > >
> > > > --
> > > >
> > > > abstractj
> > > > PGP: 0x84DC9914
> > > >
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160705/35c57491/attachment-0001.html
More information about the keycloak-user
mailing list