[keycloak-user] Handling disabled users from LDAP

Dockendorf, Trey tdockendorf at osc.edu
Fri Apr 6 08:38:09 EDT 2018


Currently we use Keycloak as an IdP tied to our LDAP environment. We are curious how we would go about having Keycloak reject logins from accounts we deem disabled in LDAP. Disabled could be for many reasons, one of which is password expiration. I see I could add a filter to our User Federation for LDAP, but the user would likely just show up as not found and get no kind of “Your account is disabled” message, I presume.

Thanks,
- Trey

--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center

