diff --git a/docs/documentation/server_admin/topics/authentication/otp-policies.adoc b/docs/documentation/server_admin/topics/authentication/otp-policies.adoc
index 8ce2e1cc4b7..c958b5e6f59 100644
--- a/docs/documentation/server_admin/topics/authentication/otp-policies.adoc
+++ b/docs/documentation/server_admin/topics/authentication/otp-policies.adoc
@@ -53,8 +53,8 @@ The default algorithm is SHA1. The other, more secure options are SHA256 and SHA
The length of the OTP. Short OTPs are user-friendly, easier to type, and easier to remember. Longer OTPs are more secure than shorter OTPs.
-===== Look ahead window
-The number of intervals the server attempts to match the hash. This option is present in {project_name} if the clock of the TOTP generator or authentication server become out-of-sync. The default value of 1 is adequate. This option is present in {project_name} to cover when the user's counter gets ahead of the server.
+===== Look around window
+The number of previous and following intervals the server attempts to match the hash. This option is present in {project_name} if the clock of the TOTP generator or authentication server become out-of-sync. The default value of 1 is adequate. This option is present in {project_name} to cover when the user's counter gets ahead of the server.
===== Initial counter
diff --git a/js/apps/admin-ui/public/locales/en/authentication-help.json b/js/apps/admin-ui/public/locales/en/authentication-help.json
index dff77dce8d4..5103756532e 100644
--- a/js/apps/admin-ui/public/locales/en/authentication-help.json
+++ b/js/apps/admin-ui/public/locales/en/authentication-help.json
@@ -12,7 +12,7 @@
"webAuthnPolicyRpEntityName": "Human-readable server name as WebAuthn Relying Party",
"otpHashAlgorithm": "What hashing algorithm should be used to generate the OTP.",
"otpPolicyDigits": "How many digits should the OTP have?",
- "lookAhead": "How far ahead should the server look just in case the token generator and server are out of time sync or counter sync?",
+ "lookAround": "How far around should the server look just in case the token generator and server are out of time sync or counter sync?",
"otpPolicyPeriod": "How many seconds should an OTP token be valid? Defaults to 30 seconds.",
"otpPolicyCodeReusable": "Possibility to use the same OTP code again after successful authentication.",
"supportedApplications": "Applications that are known to work with the current OTP policy",
diff --git a/js/apps/admin-ui/public/locales/en/authentication.json b/js/apps/admin-ui/public/locales/en/authentication.json
index 465de2c451b..0950c65f491 100644
--- a/js/apps/admin-ui/public/locales/en/authentication.json
+++ b/js/apps/admin-ui/public/locales/en/authentication.json
@@ -21,7 +21,7 @@
},
"otpHashAlgorithm": "OTP hash algorithm",
"otpPolicyDigits": "Number of digits",
- "lookAhead": "Look ahead window",
+ "lookAround": "Look around window",
"otpPolicyPeriod": "OTP Token period",
"otpPolicyPeriodErrorHint": "Value needs to be between 1 second and 2 minutes",
"otpPolicyCodeReusable": "Reusable token",
diff --git a/js/apps/admin-ui/public/locales/ja/authentication.json b/js/apps/admin-ui/public/locales/ja/authentication.json
index 4c02988daa9..e27ac4b964a 100644
--- a/js/apps/admin-ui/public/locales/ja/authentication.json
+++ b/js/apps/admin-ui/public/locales/ja/authentication.json
@@ -15,7 +15,6 @@
},
"otpHashAlgorithm": "OTPハッシュ・アルゴリズム",
"otpPolicyDigits": "桁数",
- "lookAhead": "先読みウィンドウ",
"otpPolicyPeriod": "OTPトークンの期間",
"initialCounter": "初期カウンター",
"webAuthnPolicySignatureAlgorithms": "署名アルゴリズム",
diff --git a/js/apps/admin-ui/public/locales/lt/authentication.json b/js/apps/admin-ui/public/locales/lt/authentication.json
index c9de35dd33d..6e4f7511cd4 100644
--- a/js/apps/admin-ui/public/locales/lt/authentication.json
+++ b/js/apps/admin-ui/public/locales/lt/authentication.json
@@ -12,7 +12,6 @@
},
"otpHashAlgorithm": "OTP maišos algoritmas",
"otpPolicyDigits": "Skaitmenų skaičius",
- "lookAhead": "Neatitikimo langas",
"otpPolicyPeriod": "OTP rakto galiojimo intervalas",
"initialCounter": "Pradinė skaitliuko reikšmė",
"attestationPreference": {
diff --git a/js/apps/admin-ui/public/locales/no/authentication.json b/js/apps/admin-ui/public/locales/no/authentication.json
index 7c4eae56539..8072ee1b92a 100644
--- a/js/apps/admin-ui/public/locales/no/authentication.json
+++ b/js/apps/admin-ui/public/locales/no/authentication.json
@@ -12,7 +12,6 @@
},
"otpHashAlgorithm": "OTP hash-algoritme",
"otpPolicyDigits": "Antall siffer",
- "lookAhead": "Look Ahead Window",
"otpPolicyPeriod": "Engangskode token",
"initialCounter": "Initiell teller",
"attestationPreference": {
diff --git a/js/apps/admin-ui/public/locales/pt-BR/authentication.json b/js/apps/admin-ui/public/locales/pt-BR/authentication.json
index 951791ffb7d..066bcc75a5d 100644
--- a/js/apps/admin-ui/public/locales/pt-BR/authentication.json
+++ b/js/apps/admin-ui/public/locales/pt-BR/authentication.json
@@ -12,7 +12,6 @@
},
"otpHashAlgorithm": "Algoritmo de hash OTP",
"otpPolicyDigits": "Quantidade de dígitos",
- "lookAhead": "Look Ahead Window",
"otpPolicyPeriod": "Período de token OTP ",
"initialCounter": "Contador inicial",
"attestationPreference": {
diff --git a/js/apps/admin-ui/public/locales/ru/authentication.json b/js/apps/admin-ui/public/locales/ru/authentication.json
index d5ee1ff047e..0a5a83e3348 100644
--- a/js/apps/admin-ui/public/locales/ru/authentication.json
+++ b/js/apps/admin-ui/public/locales/ru/authentication.json
@@ -12,7 +12,6 @@
},
"otpHashAlgorithm": "Алгоритм хеша OTP",
"otpPolicyDigits": "Количество цифр",
- "lookAhead": "Окно вперед",
"otpPolicyPeriod": "Период токена OTP",
"initialCounter": "Начальное значение счетчика",
"attestationPreference": {
diff --git a/js/apps/admin-ui/public/locales/zh-CN/authentication-help.json b/js/apps/admin-ui/public/locales/zh-CN/authentication-help.json
index 822bb20e105..5572734f934 100644
--- a/js/apps/admin-ui/public/locales/zh-CN/authentication-help.json
+++ b/js/apps/admin-ui/public/locales/zh-CN/authentication-help.json
@@ -12,7 +12,6 @@
"webAuthnPolicyRpEntityName": "便于阅读的 WebAuthn依赖方的服务器名称",
"otpHashAlgorithm": "应该使用什么哈希算法来生成 OTP。",
"otpPolicyDigits": "OTP 应该有多少位数?",
- "lookAhead": "如果令牌生成器和服务器不同步或计数器不同步,服务器应该向前查看多久?",
"otpPolicyPeriod": "OTP 令牌应该多少秒有效?默认为 30 秒。",
"otpPolicyCodeReusable": "验证成功后可以再次使用相同的 OTP 代码。",
"supportedApplications": "已知适用于当前 OTP 策略的应用程序",
diff --git a/js/apps/admin-ui/public/locales/zh-CN/authentication.json b/js/apps/admin-ui/public/locales/zh-CN/authentication.json
index c2ef993f085..ae2a6e37dc2 100644
--- a/js/apps/admin-ui/public/locales/zh-CN/authentication.json
+++ b/js/apps/admin-ui/public/locales/zh-CN/authentication.json
@@ -21,7 +21,6 @@
},
"otpHashAlgorithm": "OTP哈希算法",
"otpPolicyDigits": "位数",
- "lookAhead": "前瞻窗口",
"otpPolicyPeriod": "OTP 令牌周期",
"otpPolicyPeriodErrorHint": "时间需要在 1 秒到 2 分钟之间",
"otpPolicyCodeReusable": "可重复使用的令牌",
diff --git a/js/apps/admin-ui/src/authentication/policies/OtpPolicy.tsx b/js/apps/admin-ui/src/authentication/policies/OtpPolicy.tsx
index d4895b62630..d30badf682c 100644
--- a/js/apps/admin-ui/src/authentication/policies/OtpPolicy.tsx
+++ b/js/apps/admin-ui/src/authentication/policies/OtpPolicy.tsx
@@ -204,14 +204,14 @@ export const OtpPolicy = ({ realm, realmUpdated }: OtpPolicyProps) => {
/>
}
- fieldId="lookAhead"
+ fieldId="lookAround"
>
{
return (
setValue(value + 1)}
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/TimeBasedOTP.java b/server-spi-private/src/main/java/org/keycloak/models/utils/TimeBasedOTP.java
index fd983ce28ec..641e28e0a36 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/TimeBasedOTP.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/TimeBasedOTP.java
@@ -81,7 +81,7 @@ public class TimeBasedOTP extends HmacOTP {
public boolean validateTOTP(String token, byte[] secret) {
long currentInterval = this.clock.getCurrentInterval();
- for (int i = 0; i <= (lookAheadWindow * 2); i++) {
+ for (int i = 0; i <= (lookAroundWindow * 2); i++) {
long delta = clockSkewIndexToDelta(i);
long adjustedInterval = currentInterval + delta;
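Review bot: The bound `i <= (lookAroundWindow * 2)` makes validateTOTP try 2 × window + 1 intervals, and nothing at the loop says so. I would add a comment above the `for`, such as `// Tries the current interval plus lookAroundWindow intervals on either side: 2 * window + 1 candidates in total`. This assumes clockSkewIndexToDelta maps the index to offsets on both sides, which is not visible in this hunk. Stating the count where the check happens makes it clear that each increment of the policy value adds two more codes that are valid at any moment. The rest of validateTOTP lies outside the hunk, so how each candidate is compared with `token` cannot be reviewed here.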
diff --git a/server-spi/src/main/java/org/keycloak/models/utils/HmacOTP.java b/server-spi/src/main/java/org/keycloak/models/utils/HmacOTP.java
index 3456f11b267..94de4a648a9 100755
--- a/server-spi/src/main/java/org/keycloak/models/utils/HmacOTP.java
+++ b/server-spi/src/main/java/org/keycloak/models/utils/HmacOTP.java
@@ -36,12 +36,12 @@ public class HmacOTP {
private static final int[] DIGITS_POWER = {1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000};
protected final String algorithm;
protected final int numberDigits;
- protected final int lookAheadWindow;
+ protected final int lookAroundWindow;
public HmacOTP(int numberDigits, String algorithm, int delayWindow) {
this.numberDigits = numberDigits;
this.algorithm = algorithm;
- this.lookAheadWindow = delayWindow;
+ this.lookAroundWindow = delayWindow;
}
public static String generateSecret(int length) {
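Review bot: `lookAroundWindow` is a `protected` field on a class in the `server-spi` module, so this rename is visible to subclasses. Any extension outside this repository that reads `lookAheadWindow` would presumably stop compiling, which is worth a line in the upgrade notes. The constructor parameter is still called `delayWindow`, a third name for the same value; `public HmacOTP(int numberDigits, String algorithm, int lookAroundWindow)` with `this.lookAroundWindow = lookAroundWindow;` would keep the naming consistent. A short Javadoc on the field saying how the TOTP and HOTP validators each interpret the value would also help, since the two loops use it differently.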
@@ -80,7 +80,7 @@ public class HmacOTP {
public int validateHOTP(String token, byte[] key, int counter) {
int newCounter = counter;
- for (newCounter = counter; newCounter <= counter + lookAheadWindow; newCounter++) {
+ for (newCounter = counter; newCounter <= counter + lookAroundWindow; newCounter++) {
String candidate = generateHOTP(key, newCounter);
if (candidate.equals(token)) {
return newCounter + 1;
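Review bot: The HOTP loop still runs only from `counter` to `counter + lookAroundWindow`, so for counter-based OTP the window remains look-ahead only. Neither the new field name nor the "previous and following intervals" wording added to otp-policies.adoc describes that. A comment above the `for`, such as `// HOTP: forward-only search; counters below the stored value are never accepted`, would keep the one-directional behaviour explicit, which matters because accepting earlier counters would let already-used codes validate again. Separately, `candidate.equals(token)` is not a constant-time comparison; after a null check on `token`, `MessageDigest.isEqual(candidate.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8))` avoids leaking where the two strings diverge. validateHOTP continues past the end of the hunk.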