eimis-ans / eimis-synapse

Make a Synapse homeserver work on a managed kubernetes server hosted by OVH
MIT License

REC15 - Enable brute force detection in keycloak #375

Closed ad2ien closed 7 months ago

ad2ien commented 7 months ago

It's possible to enable brute force detection: Realm settings / Security settings / brute force detection. Find suitable settings and report them on realm configuration.

REC15

ad2ien commented 7 months ago

Suggested Keycloak configuration

```json
  "bruteForceProtected": true,
  "permanentLockout": false,
  "maxFailureWaitSeconds": 900,
  "minimumQuickLoginWaitSeconds": 60,
  "waitIncrementSeconds": 60,
  "quickLoginCheckMilliSeconds": 1000,
  "maxDeltaTimeSeconds": 43200,
  "failureFactor": 30,
```
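
To see what the values above do in practice, this added example (not part of the issue or the project's code) models the temporary-lockout arithmetic. It assumes the wait formula from the Keycloak administration guide: the wait increment times the integer quotient of failures by `failureFactor`, capped at `maxFailureWaitSeconds`. The function names and the failure timestamps are constructed for illustration.

```python
# Added example: a simplified model, not Keycloak's implementation.
# Assumed formula: wait = waitIncrementSeconds * (failures // failureFactor),
# capped at maxFailureWaitSeconds.
SUGGESTED = {
    "bruteForceProtected": True,
    "permanentLockout": False,
    "maxFailureWaitSeconds": 900,
    "minimumQuickLoginWaitSeconds": 60,
    "waitIncrementSeconds": 60,
    "quickLoginCheckMilliSeconds": 1000,
    "maxDeltaTimeSeconds": 43200,
    "failureFactor": 30,
}


def simulate(cfg, failure_times_ms):
    """Return the lockout in seconds imposed after each failed login."""
    failures, last, waits = 0, None, []
    for now in failure_times_ms:
        delta = None if last is None else now - last
        # The counter resets when failures are further apart than maxDeltaTimeSeconds.
        if delta is not None and delta > cfg["maxDeltaTimeSeconds"] * 1000:
            failures = 0
        failures += 1
        wait = cfg["waitIncrementSeconds"] * (failures // cfg["failureFactor"])
        # Failures closer together than quickLoginCheckMilliSeconds get the minimum wait.
        if wait == 0 and delta is not None and delta < cfg["quickLoginCheckMilliSeconds"]:
            wait = cfg["minimumQuickLoginWaitSeconds"]
        waits.append(min(wait, cfg["maxFailureWaitSeconds"]))
        last = now
    return waits


def first_failure_with_wait(cfg, target_seconds, spacing_ms=2000):
    """1-based index of the first failure whose lockout reaches target_seconds."""
    waits = simulate(cfg, [i * spacing_ms for i in range(1000)])
    return next((i + 1 for i, w in enumerate(waits) if w >= target_seconds), None)


if __name__ == "__main__":
    # Constructed input: evenly spaced failures against one account.
    print("first lockout at failure", first_failure_with_wait(SUGGESTED, 1))
    print("900 s cap reached at failure", first_failure_with_wait(SUGGESTED, 900))
    print("two failures 500 ms apart:", simulate(SUGGESTED, [0, 500]))
```

Under this model, `failureFactor` set to 30 means an account sees no lockout for the first 29 spaced-out failures, which is the number to weigh against the password policy when tuning the realm.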