I am interested in whether and how Keycloak handles unlocking a user account when the password gets reset.
As I can see in this closed issue, this type of functionality is not supported:
However, I am using Keycloak version 8.0.1 and I can access a locked account when I reset my password.
To be exact:
I have Brute Force Detection enabled with
Max Login Failures=5
Wait Increment=30 min
I am entering an incorrect password 6 times.
After that I am resetting my password. Password reset takes me to the admin console.
When I log out, I cannot log in again because the account is locked.
So this looks inconsistent. Is there any documentation that covers this part of Keycloak?
Are there any options that can be used to customize this behaviour?