Before reporting an issue

[X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

core

Describe the bug

The setting (or default value) for Failure Reset Time is applied to permanent lockout. In previous versions of Keycloak this setting was only applied to temporary lockout. This setting isn't configurable for Permanent Lockout.

Version

24

Regression

[ ] The issue is a regression

Expected behavior

The failure count for a given user is not reset after a time period when Brute Force with Permanent Lockout is configured.

Actual behavior

The failure count for a given user is reset after 12 hours (or whatever was previously configured for temporary lockout) when Brute Force with Permanent Lockout is configured.

How to Reproduce?

Enable Brute Force Protection for the realm.
Select temporary lockout.
Set Max Login Failures to 1.
Set Failure Reset Time to 5 seconds.
Save.
Select Permanent Lockout and save.
Try to login with invalid credentials.
Wait at least 5 seconds.
Try to login with invalid credentials.
Check the stats of the user; it will not be Disabled.

Anything else?

No response