[keycloak-user] Brute Force Detection breaks Social login

Valerij Timofeev valerij.timofeev at gmail.com
Thu Jul 7 06:38:42 EDT 2016


Thank you Stian,

> https://access.redhat.com/articles/2294961,
this was the missing piece in the puzzle ;-)

We have full access to RH SSO product (download and submit support cases).
But it was unclear before your answer whether we are legitimated to do this.


2016-07-07 6:49 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:

> Valerij - What Thomas said is correct and you should be able to use your
> JBoss EAP license for any of the services that are included in the JBoss
> Core Services. Unless there's something specific about your license since
> it was purchased through a RH Partner. You can get more details about JBoss
> Core Services here https://access.redhat.com/articles/2294961, maybe ask
> the RH Partner directly about JBoss Core Services?
>
> On 6 July 2016 at 11:57, Thomas Raehalme <thomas.raehalme at aitiofinland.com> wrote:
>
>> Hi!
>>
>> I was told just last week by our local RedHat distributor that RH SSO 7.0
>> is part of the JBoss Core Services and that JBoss Core Services
>> subscriptions are included at no additional charge with subscriptions for
>> JBoss EAP, JBoss Data Grid, JBoss Fuse, JBoss A-MQ, JBoss Data
>> Virtualization, JBoss BRMS and JBoss BPM Suite. Subscribers to these
>> products receive full entitlement to all the components within JBoss Core
>> Services Collection.
>>
>> Best regards,
>> Thomas
>>
>>
>> On Wed, Jul 6, 2016 at 12:18 PM, Valerij Timofeev <valerij.timofeev at gmail.com> wrote:
>>
>>> Hi Stian,
>>>
>>> https://access.redhat.com/products/red-hat-single-sign-on
>>>
>>> http://blog.keycloak.org/2016/06/productized-keycloak-now-available-from.html
>>>
>>> We are able to download RH SSO 7.0.0 via our RH EAP account.
>>> But there is no information whether RH SSO is included in the EAP
>>> licence.
>>> We've contacted sales of the RH Partner in Germany, where we purchased
>>> the EAP licence: they said that they will be able to give clear answer
>>> approximately in 1-2 months.
>>>
>>> As already mentioned in this thread we would like to migrate our
>>> production setup from Keycloak 1.9.4 to RH SSO 7.0.x
>>> But I won't get OK for migration from my boss as long as the situation
>>> with the licence is not clear.
>>>
>>> Could you please clarify this point?
>>>
>>> Kind regards
>>> Valerij
>>>
>>>
>>> 2016-07-05 19:22 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
>>>
>>>> Thanks Bruno.
>>>>
>>>> I've added an RH-SSO issue and scheduled it to be included in RH-SSO
>>>> 7.0.1.
>>>>
>>>> On 5 July 2016 at 16:59, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>>
>>>>> I just completely tried in a fresh new browser profile and managed to
>>>>> reproduce your issue. It happens with 1.9.x and Facebook accounts.
>>>>>
>>>>> I've created a Jira for this:
>>>>> https://issues.jboss.org/browse/KEYCLOAK-3267
>>>>>
>>>>>
>>>>> On 2016-07-05, Bruno Oliveira wrote:
>>>>> > I've just downloaded and tried with 1.9.8 too, it works. Is this happening with
>>>>> > all users? Have you considered to setup an isolated environment from
>>>>> > scratch?
>>>>> >
>>>>> > On 2016-07-05, Valerij Timofeev wrote:
>>>>> > > Hi Bruno,
>>>>> > >
>>>>> > > thank you for the check.
>>>>> > > We are going to migrate our production setup from Keycloak 1.9.4 to Red Hat
>>>>> > > SSO 7.0, which is based on Keycloak 1.9.8.
>>>>> > > Direct migration to 2.0.0.Final would be for us too risky, but still an
>>>>> > > option somewhen later.
>>>>> > >
>>>>> > > @All,
>>>>> > > any ideas for Keycloak 1.9.x? Maybe there is some setting we miss allowing
>>>>> > > us to use both "peacefully".
>>>>> > >
>>>>> > > Kind regards
>>>>> > > Valerij
>>>>> > >
>>>>> > > 2016-07-05 15:59 GMT+02:00 Bruno Oliveira <bruno at abstractj.org>:
>>>>> > >
>>>>> > > > Hi Valerij,
>>>>> > > >
>>>>> > > > I've tested against 2.0.0.Final right now and I couldn't reproduce your
>>>>> > > > issue.
>>>>> > > >
>>>>> > > > I have brute force enabled by default here and Facebook configured
>>>>> > > > exactly like described at the docs.
>>>>> > > >
>>>>> > > > Not sure how to reproduce your issue :/ Maybe, give 2.0.0.Final a try?
>>>>> > > >
>>>>> > > > On 2016-07-05, Valerij Timofeev wrote:
>>>>> > > > > Hi all,
>>>>> > > > >
>>>>> > > > > it looks like the Brute Force Detection breaks Social login.
>>>>> > > > >
>>>>> > > > > I've:
>>>>> > > > > 1) downloaded keycloak-demo-1.9.8.Final
>>>>> > > > > 2) setup Facebook Identity provider
>>>>> > > > > 3) successfully tested Facebook login
>>>>> > > > > 4) activated Brute Force Detection with default values
>>>>> > > > > 5) tested Facebook login: it fails with the error message: "Account is
>>>>> > > > > disabled, contact admin."
>>>>> > > > >
>>>>> > > > > I wonder whether somebody has ever tested this combination.
>>>>> > > > >
>>>>> > > > >
>>>>> > > > > Kind regards
>>>>> > > > > Valerij Timofeev
>>>>> > > >
>>>>> > > > > _______________________________________________
>>>>> > > > > keycloak-user mailing list
>>>>> > > > > keycloak-user at lists.jboss.org
>>>>> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>> > > >
>>>>> > > >
>>>>> > > > --
>>>>> > > >
>>>>> > > > abstractj
>>>>> > > > PGP: 0x84DC9914
>>>>> > > >
>>>>> >
>>>>> > --
>>>>> >
>>>>> > abstractj
>>>>> > PGP: 0x84DC9914
>>>>>
>>>>> --
>>>>>
>>>>> abstractj
>>>>> PGP: 0x84DC9914
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>