[keycloak-user] Brute Force Detection - Get status of a username in brute force detection

Stian Thorgersen sthorger at redhat.com
Fri Mar 18 12:22:53 EDT 2016


numFailures should be reset after successful login
On 18 Mar 2016 2:56 p.m., "Andrej Prievalsky" <ado.boj.83 at gmail.com> wrote:

> Hi,
>
> I have question concerning your REST_API:
> GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
> In 1.9.1..Final my setting per realm Demo looks like:
>
> [image: Inline image 1]
>
> I have noticed with this endpoint:
>
> - 1.) when user is not created the answer for this REST is same like for
> created user with 0 numFailures:
>    {
>    "numFailures": 0,
>    "disabled": false,
>    "lastIPFailure": "n/a",
>    "lastFailure": 0
>    }
>
> - 2.) when Max Login Failures is set to 3 and I put 2 times incorrect
> password and 3rd time correct password numFailures is not reset by Keycloak:
>   {
>   "numFailures": 2,
>   "disabled": false,
>     ....
>     ....
>    }
>
> Are this 2 cases correct from your point of view?
>
> Thanks and Best Regards,
> Andrej.
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160318/ba486fcd/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 46216 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160318/ba486fcd/attachment-0001.png 


More information about the keycloak-user mailing list