[keycloak-user] Brute Force Detection breaks Social login

Valerij Timofeev valerij.timofeev at gmail.com
Wed Jul 6 05:18:56 EDT 2016


Hi Stian,

https://access.redhat.com/products/red-hat-single-sign-on
http://blog.keycloak.org/2016/06/productized-keycloak-now-available-from.html

We are able to download RH SSO 7.0.0 via our RH EAP account.
But there is no information whether RH SSO is included in the EAP licence.
We've contacted sales of the RH Partner in Germany, where we purchased the
EAP licence: they said that they will be able to give a clear answer
approximately in 1-2 months.

As already mentioned in this thread, we would like to migrate our production
setup from Keycloak 1.9.4 to RH SSO 7.0.x.
But I won't get an OK for migration from my boss as long as the situation with
the licence is not clear.

Could you please clarify this point?

Kind regards
Valerij


2016-07-05 19:22 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:

> Thanks Bruno.
>
> I've added an RH-SSO issue and scheduled it to be included in RH-SSO 7.0.1.
>
> On 5 July 2016 at 16:59, Bruno Oliveira <bruno at abstractj.org> wrote:
>
>> I just completely tried in a fresh new browser profile and managed to
>> reproduce your issue. It happens with 1.9.x and Facebook accounts.
>>
>> I've created a Jira for this:
>> https://issues.jboss.org/browse/KEYCLOAK-3267
>>
>>
>> On 2016-07-05, Bruno Oliveira wrote:
>> > I've just downloaded and tried with 1.9.8 too, it works. Is this happening with
>> > all users? Have you considered setting up an isolated environment from
>> > scratch?
>> >
>> > On 2016-07-05, Valerij Timofeev wrote:
>> > > Hi Bruno,
>> > >
>> > > thank you for the check.
>> > > We are going to migrate our production setup from Keycloak 1.9.4 to Red Hat
>> > > SSO 7.0, which is based on Keycloak 1.9.8.
>> > > Direct migration to 2.0.0.Final would be too risky for us, but still an
>> > > option sometime later.
>> > >
>> > > @All,
>> > > any ideas for Keycloak 1.9.x? Maybe there is some setting we miss allowing
>> > > us to use both "peacefully".
>> > >
>> > > Kind regards
>> > > Valerij
>> > >
>> > > 2016-07-05 15:59 GMT+02:00 Bruno Oliveira <bruno at abstractj.org>:
>> > >
>> > > > Hi Valerij,
>> > > >
>> > > > I've tested against 2.0.0.Final right now and I couldn't reproduce your
>> > > > issue.
>> > > >
>> > > > I have brute force enabled by default here and Facebook configured
>> > > > exactly like described at the docs.
>> > > >
>> > > > Not sure how to reproduce your issue :/ Maybe, give 2.0.0.Final a try?
>> > > >
>> > > > On 2016-07-05, Valerij Timofeev wrote:
>> > > > > Hi all,
>> > > > >
>> > > > > it looks like the Brute Force Detection breaks Social login.
>> > > > >
>> > > > > I've:
>> > > > > 1) downloaded keycloak-demo-1.9.8.Final
>> > > > > 2) setup Facebook Identity provider
>> > > > > 3) successfully tested Facebook login
>> > > > > 4) activated Brute Force Detection with default values
>> > > > > 5) tested Facebook login: it fails with the error message: "Account is
>> > > > > disabled, contact admin."
>> > > > >
>> > > > > I wonder whether somebody has ever tested this combination.
>> > > > >
>> > > > >
>> > > > > Kind regards
>> > > > > Valerij Timofeev
>> > > >
>> > > > > _______________________________________________
>> > > > > keycloak-user mailing list
>> > > > > keycloak-user at lists.jboss.org
>> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> > > >
>> > > >
>> > > > --
>> > > >
>> > > > abstractj
>> > > > PGP: 0x84DC9914
>> > > >
>> >
>> > --
>> >
>> > abstractj
>> > PGP: 0x84DC9914
>>
>> --
>>
>> abstractj
>> PGP: 0x84DC9914
>>
>
>