Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-2692

numFailures should be reset after successful login in Brute Force Detection

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • 1.9.1.Final
    • 1.9.2.Final
    • None
    • None

    Description

      Setting per realm Demo is attached.
      REST-API endpoint - Get status of a username in brute force detection:
      GET /admin/realms/

      {realm}

      /attack-detection/brute-force/usernames/

      {username}

      Issue: When Max Login Failures is set to 3 and I put 2 times incorrect password and 3rd time correct password numFailures is not reset by Keycloak:

      { "numFailures": 2, "disabled": false, .... .... }

      Attachments

        Activity

          People

            Unassigned Unassigned
            andrej.prievalsky Andrej Prievalsky (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: