Brute Force Detection is disabled when updating frontendUrl via admin client #21409

Closed
2 tasks done
Tracked by #25914
jojo-schneider opened this issue Jul 3, 2023 · 0 comments · Fixed by #26718
Labels: area/authentication, kind/bug, release/24.0.0, team/core-clients

jojo-schneider commented Jul 3, 2023

Before reporting an issue

  • I have searched existing issues
  • I have reproduced the issue with the latest release

Area

admin/client/node

Describe the bug

When the frontendUrl is updated through the admin client, e.g.:

    await this.client.realms.update(
      { realm },
      {
        attributes: {
          frontendUrl: `${frontendUrl}/auth`,
        },
      },
    );

the brute force detection mechanism is unexpectedly disabled.

Version

21.1.1

Expected behavior

Changing the frontendUrl attribute should not affect brute force settings.

Actual behavior

Brute force detection is disabled when changing frontendUrl.

How to Reproduce?

  1. Enable brute force detection for a realm using the Keycloak admin UI.
  2. Set a new frontendUrl for this realm using the Keycloak admin client.
  3. Inspect the brute force settings for this realm using the Keycloak admin UI.

Anything else?

Same behaviour with security header settings. They are also deleted when the frontendUrl is updated. Seems to affect all security defence settings of the realm.
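
The inspection in the reproduction steps above can be automated. This is an added example, not part of the original report and not Keycloak project code: it snapshots the realm's security-defence fields, applies the update, re-reads the realm and returns the fields that changed. `realms.findOne` and `realms.update` are the admin client calls; the helper names are hypothetical, and `makeStubClient` is a constructed stand-in that assumes fields omitted from the payload are reset.

```javascript
// Security-defence fields of a realm representation to watch for drift.
const SECURITY_FIELDS = [
  "bruteForceProtected", "permanentLockout", "failureFactor",
  "waitIncrementSeconds", "maxFailureWaitSeconds", "browserSecurityHeaders",
];

// Pick the watched fields out of a realm representation.
function securitySnapshot(rep) {
  return Object.fromEntries(SECURITY_FIELDS.map((f) => [f, rep[f]]));
}

// Names of watched fields whose value differs between two snapshots.
function driftedFields(before, after) {
  return SECURITY_FIELDS.filter(
    (f) => JSON.stringify(before[f]) !== JSON.stringify(after[f])
  );
}

// Apply a partial realm update, then report security fields that changed
// even though the caller's patch never mentioned them.
async function updateRealmChecked(client, realm, patch) {
  const before = securitySnapshot(await client.realms.findOne({ realm }));
  await client.realms.update({ realm }, patch);
  const after = securitySnapshot(await client.realms.findOne({ realm }));
  const drift = driftedFields(before, after).filter((f) => !(f in patch));
  return { drift, before, after };
}

// Constructed stand-in for the admin client (assumption, not real server
// behaviour): any security field missing from the payload is reset.
function makeStubClient(initial) {
  let rep = { ...initial };
  const reset = { bruteForceProtected: false, browserSecurityHeaders: {} };
  return {
    realms: {
      findOne: async () => ({ ...rep }),
      update: async (_query, patch) => { rep = { ...rep, ...reset, ...patch }; },
    },
  };
}
```

A non-empty `drift` after a `frontendUrl` change means the saved `before` snapshot should be reviewed and re-applied before the realm is relied on again.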

jojo-schneider added the kind/bug and status/triage labels Jul 3, 2023
stianst added the area/authentication label Nov 15, 2023
ghost added the team/core label Nov 15, 2023
douglaspalmer self-assigned this Nov 15, 2023
douglaspalmer added this to the 24.0.0 milestone Nov 16, 2023
douglaspalmer removed their assignment Nov 17, 2023
douglaspalmer self-assigned this Jan 30, 2024
douglaspalmer added a commit to douglaspalmer/keycloak that referenced this issue Jan 31, 2024
…client

Closes keycloak#21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
douglaspalmer added a commit to douglaspalmer/keycloak that referenced this issue Feb 1, 2024
…client

Closes keycloak#21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
pedroigor pushed a commit that referenced this issue Feb 7, 2024
…client

Closes #21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
cavuugroup pushed a commit to cavuugroup/keycloak that referenced this issue Feb 8, 2024
…client

Closes keycloak#21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: Krzysztof Walczewski <kwalczewski@gmail.com>
ahus1 pushed a commit to ahus1/keycloak that referenced this issue Mar 22, 2024
…client

Closes keycloak#21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>