[keycloak-user] Brute force detection kicks in but login screen does not tell user
Nhut Thai Le
ntle at castortech.com
Tue Apr 17 11:50:54 EDT 2018
Hello,
I set up brute force detection to lock out the user after a few attempts and I
can see the user is temporarily disabled from the log:
11:39:16,217 WARN [org.keycloak.events] (default task-13)
type=LOGIN_ERROR, realmId=398525c4-fc1d-4d8c-905e-c5c116acfc9d,
clientId=blah, userId=575c7e61-5c16-437f-aca9-e20425804fc4,
ipAddress=127.0.0.1, error=user_temporarily_disabled,
auth_method=openid-connect, auth_type=code, redirect_uri=
http://localhost:8080/blah/, code_id=44355bdc-4a9f-4960-96f8-06157bfea2d0,
username=ntle at castortech.com
However, the login screen still displays the generic error "Invalid
username or password.". Is there any way to customize this to tell the user
that he exceeded the number of trials and needs to wait X minutes before retrying?
Thai
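
Added example, not part of the original post: one way to pull lockout events like the one quoted above out of a server log whose event lines have been wrapped, and to see how many failed attempts preceded each lockout and from which addresses. The sample log is constructed, the function names are hypothetical, and the parser assumes field values contain no commas.

```python
import re

# Constructed sample in the format shown in the post, wrapped the way the
# mail client wrapped it. All values are made up.
SAMPLE_LOG = """\
11:39:01,100 WARN [org.keycloak.events] (default task-9)
type=LOGIN_ERROR, clientId=blah, ipAddress=127.0.0.1,
error=invalid_user_credentials, username=alice@example.com
11:39:07,300 WARN [org.keycloak.events] (default task-10)
type=LOGIN_ERROR, clientId=blah, ipAddress=192.0.2.7,
error=invalid_user_credentials, username=alice@example.com
11:39:09,000 WARN [org.keycloak.events] (default task-11)
type=LOGIN_ERROR, clientId=blah, ipAddress=127.0.0.1,
error=invalid_user_credentials, username=bob@example.com
11:39:16,217 WARN [org.keycloak.events] (default task-13)
type=LOGIN_ERROR, realmId=demo, clientId=blah, ipAddress=127.0.0.1,
error=user_temporarily_disabled, auth_type=code, redirect_uri=
http://localhost:8080/blah/, code_id=c-1,
username=alice@example.com
"""

HEADER = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3})\s+\w+\s+\[org\.keycloak\.events\]")
FIELD = re.compile(r"(\w+)=\s*([^,]*)")  # key=value, value runs to the next comma

def parse_events(text):
    """Rejoin wrapped lines, then return one dict of fields per event."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEADER.match(line):
            records.append(line)        # a timestamped header starts a new event
        elif records:
            records[-1] += " " + line   # anything else continues the current one
    events = []
    for rec in records:
        m = HEADER.match(rec)
        events.append({"time": m.group(1),
                       **{k: v.strip() for k, v in FIELD.findall(rec[m.end():])}})
    return events

def lockout_context(events):
    """For each lockout, count that username's earlier failures and their source IPs."""
    report = []
    for i, ev in enumerate(events):
        if ev.get("error") != "user_temporarily_disabled":
            continue
        prior = [p for p in events[:i] if p.get("username") == ev.get("username")
                 and p.get("error") == "invalid_user_credentials"]
        report.append({"time": ev["time"], "username": ev.get("username"),
                       "prior_failures": len(prior),
                       "source_ips": sorted({p.get("ipAddress", "?") for p in prior})})
    return report
```

Calling `lockout_context(parse_events(SAMPLE_LOG))` returns one entry for the locked-out user, with two prior failures from two different addresses.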