[keycloak-user] Testing/Integration testing

Eriksson Fabian fabian.eriksson at gi-de.com
Mon Jan 16 11:28:53 EST 2017


Hello!

I am currently implementing this feature described below. The feature is not really relevant for this question but I thought I could include it. 

I was wondering, before I make a PR, should I include integration tests even for the UI (the console module, which from what I can tell is not run with Travis)? And is there a way of testing a single arquillian integration test in an IDE (for the console module)? 

I don't know if this is the right forum to ask these questions but I thought I'll give it a try

Thanks in advance
Fabian Eriksson

-----Original Message-----
From: Bruno Oliveira [mailto:bruno at abstractj.org] 
Sent: den 11 januari 2017 19:18
To: Eriksson Fabian
Cc: stian at redhat.com; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Brute force detector extension

I believe the best is to create Jira as a feature request. And later you can attach your PR to that.

On 2017-01-11, Eriksson Fabian wrote:
> Do you want me to create a new feature request through the dev mailing list or could I immediately create a Jira-ticket?
>
> Best regards
> Fabian Eriksson
>
> From: Stian Thorgersen [mailto:sthorger at redhat.com]
> Sent: den 2 januari 2017 09:15
> To: Eriksson Fabian
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Brute force detector extension
>
> You can implement a custom provider for the brute force protection that would do what you want. It wouldn't be configurable through the admin console though.
>
> I don't see why we couldn't add it as an option to the built-in provider though so if you are happy to send a PR for it including tests we could accept it into 3.x.
>
> On 21 December 2016 at 11:24, Eriksson Fabian <fabian.eriksson at gi-de.com<mailto:fabian.eriksson at gi-de.com>> wrote:
> Hi all!
>
> We would like to have ability to configure the brute force detector so it can disable a user account after X failed attempts completely and not only lock him/her out for a period of time (setting the lockout-time to a few years is not enough). In the end we would like the admins of KeyCloak to be able to set a timed lockout-period or set a permanent one for different realms. I guess this would also require the detector to reset the failed-login-attempts count on a successful login.
>
> Does this sound interesting and could this then be something that we could contribute with to KeyCloak?
>
> Or is there a way to substitute the already existing brute force detector?
>
> Thanks in advance!
> Fabian Eriksson
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

--

abstractj



More information about the keycloak-user mailing list