Comments (3)
Doesn't this mean that Keycloak doesn't have brute force protection against user registration, and so you can still overwhelm it by registering users, even without a migration plugin?
If not, and this is truly something that the plugin should handle, then I'd be happy to accept a PR for this :)
Unfortunately, I don't think I'll have the time to implement this myself.
It's not meant to be generalized protection against all kinds of attacks. They specifically define a "brute force attack" as an attempt to guess a user's password by trying to log in multiple times. Keycloak has brute force detection capabilities for this specific type of attack, and can temporarily disable a user account if the number of login failures exceeds a specified threshold.
Because this extension allows testing of a user's password using multiple login attempts, but does not mitigate using Keycloak's mechanism, it would need its own mechanism of counting and disabling attempts in order to match the expected functionality of Keycloak.
No problem. I think we can implement this, so if you wouldn't mind keeping it open, I'll see when we have some time to do this.
from keycloak-user-migration.
One thing to note in a potential implementation is that the InfinispanUserLoginFailureProvider, which is the default implementation that is returned from session.loginFailures(), doesn't seem to care about the format of the userId parameters that are passed in. An experiment that might make an implementation quite a bit easier would be to pass the email/username as the userId to see if it works. Then you get an implementation for "free".
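To make the suggestion above concrete, here is an added example (not code from the keycloak-user-migration plugin or from anyone in this thread) of a small guard class that keys Keycloak's own login-failure store by username instead of by Keycloak user id. The class name `UsernameKeyedLoginFailureGuard` and its methods are hypothetical; the Keycloak types it calls (`KeycloakSession.loginFailures()`, `UserLoginFailureProvider`, `UserLoginFailureModel`, the realm's brute-force settings and `org.keycloak.common.util.Time`) are the public Keycloak model API. It assumes the experiment from the comment holds, i.e. that the Infinispan-backed provider accepts an arbitrary string as the `userId` key; it also deliberately simplifies Keycloak's built-in protector by leaving out the quick-login and permanent-lockout branches.

```java
package example.bruteforce; // hypothetical package, not the plugin's

import org.keycloak.common.util.Time;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserLoginFailureModel;
import org.keycloak.models.UserLoginFailureProvider;

/**
 * Counts failed legacy-provider logins per username (or email) in Keycloak's
 * login-failure store and reports whether the next attempt should be refused.
 * Hypothetical class. Relies on the assumption from the thread that the
 * default Infinispan provider does not validate the format of the userId key,
 * so a username can be used where Keycloak normally passes a user id.
 */
public class UsernameKeyedLoginFailureGuard {

    private final KeycloakSession session;

    public UsernameKeyedLoginFailureGuard(KeycloakSession session) {
        this.session = session;
    }

    /** True when brute-force detection is enabled for the realm and this key is inside a wait window. */
    public boolean isTemporarilyLocked(RealmModel realm, String usernameKey) {
        if (!realm.isBruteForceProtected()) {
            return false;
        }
        UserLoginFailureModel failure = session.loginFailures().getUserLoginFailure(realm, usernameKey);
        return failure != null && failure.getFailedLoginNotBefore() > Time.currentTime();
    }

    /**
     * Records one failed attempt against the key. Once the realm's failure factor is
     * reached, a not-before timestamp is set from the realm's wait increment, capped
     * at the realm's maximum wait. Simplified version of what Keycloak's built-in
     * protector does for users it already knows about.
     */
    public void recordFailure(RealmModel realm, String usernameKey) {
        if (!realm.isBruteForceProtected()) {
            return;
        }
        UserLoginFailureProvider failures = session.loginFailures();
        UserLoginFailureModel failure = failures.getUserLoginFailure(realm, usernameKey);
        if (failure == null) {
            failure = failures.addUserLoginFailure(realm, usernameKey);
        }

        int now = Time.currentTime(); // seconds
        // Forget stale failures: reset the counter when the last failure is older than maxDeltaTime.
        if (failure.getLastFailure() > 0
                && now - (failure.getLastFailure() / 1000) > realm.getMaxDeltaTimeSeconds()) {
            failure.clearFailures();
        }
        failure.incrementFailures();
        failure.setLastFailure(Time.currentTimeMillis());

        // Guard against a realm configured with a failure factor of 0.
        int factor = Math.max(1, realm.getFailureFactor());
        int waitSeconds = realm.getWaitIncrementSeconds() * (failure.getNumFailures() / factor);
        if (waitSeconds > 0) {
            waitSeconds = Math.min(waitSeconds, realm.getMaxFailureWaitSeconds());
            failure.setFailedLoginNotBefore(now + waitSeconds);
        }
    }

    /** Call after a successful legacy-provider login so the counter does not carry over. */
    public void clear(RealmModel realm, String usernameKey) {
        session.loginFailures().removeUserLoginFailure(realm, usernameKey);
    }
}
```

A provider that proxies password checks to a legacy system would call `isTemporarilyLocked` before forwarding the credentials, `recordFailure` when the legacy system rejects them, and `clear` after an accepted login. Keying the counter by a normalized form of the username (trimmed, case-folded) avoids one attacker spreading attempts across spelling variants of the same account.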