[keycloak-user] Brute Force Detection - Get status of a username in brute force detection
Andrej Prievalsky
ado.boj.83 at gmail.com
Mon Mar 21 04:06:34 EDT 2016
Thanks for answer for 2nd question. I will write JIRA.
But I didn't get answer for my 1st question.
On Fri, Mar 18, 2016 at 5:22 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> numFailures should be reset after successful login
> On 18 Mar 2016 2:56 p.m., "Andrej Prievalsky" <ado.boj.83 at gmail.com>
> wrote:
>
>> Hi,
>>
>> I have question concerning your REST_API:
>> GET
>> /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
>> In 1.9.1..Final my setting per realm Demo looks like:
>>
>> [image: Inline image 1]
>>
>> I have noticed with this endpoint:
>>
>> - 1.) when user is not created the answer for this REST is same like for
>> created user with 0 numFailures:
>> {
>> "numFailures": 0,
>> "disabled": false,
>> "lastIPFailure": "n/a",
>> "lastFailure": 0
>> }
>>
>> - 2.) when Max Login Failures is set to 3 and I put 2 times incorrect
>> password and 3rd time correct password numFailures is not reset by Keycloak:
>> {
>> "numFailures": 2,
>> "disabled": false,
>> ....
>> ....
>> }
>>
>> Are this 2 cases correct from your point of view?
>>
>> Thanks and Best Regards,
>> Andrej.
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160321/9405072b/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 46216 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160321/9405072b/attachment-0001.png
More information about the keycloak-user
mailing list