Keycloak Custom message on user temporary lock

十年热恋 submitted on 2021-01-29 11:20:59

Question


I am using Keycloak:4.8.0, and have enabled Brute force attack for my realm. Now whenever a user provides wrong credentials 3 times, the user will be locked temporarily.

But the user will still see "Invalid username/password".

According to this thread, Keycloak has done this intentionally: https://issues.jboss.org/browse/KEYCLOAK-5284

But I still want to show the user that his account has been locked.

Is there any way to customize this message?

I tried doing this by adding a message in a custom Keycloak theme as below:

location: themes\adminlte\login\messages\messages_en.properties

accountTemporarilyDisabledMessage=Account is temporarily disabled, contact admin or try again later.

This change is not working.


Answer 1:


After going through the Keycloak base code, what I found is: Keycloak uses Messages.INVALID_USER (invalidUserMessage) from properties, which is written in the AbstractFormAuthenticator class.

This class is at the end extended by UsernamePasswordForm. Now, to change this to a custom message, I wrote a custom Authenticator (Keycloak SPI) like below:

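import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.services.messages.Messages;

public class CustomUsernameFormAuthenticator extends UsernamePasswordForm {

    // Return the dedicated lockout message key instead of the default Messages.INVALID_USER.
    @Override
    protected String tempDisabledError() {
        return Messages.ACCOUNT_TEMPORARILY_DISABLED;
    }
}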

After this, deploy the SPI JAR in Keycloak and enable it in your realm. And we are done :)
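
For Keycloak to discover the authenticator once the JAR is deployed, it also needs a factory and a service-loader entry. The following is an added example, not code from the original answer. The factory class name, provider id and display text are hypothetical, and it assumes the built-in `UsernamePasswordFormFactory` of the same Keycloak version and that the factory sits in the same package as `CustomUsernameFormAuthenticator`.

```java
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
import org.keycloak.models.KeycloakSession;

/*
 * Packaging (assumed layout of the SPI JAR):
 *   META-INF/services/org.keycloak.authentication.AuthenticatorFactory
 * must contain one line with the fully qualified name of this class.
 *
 * Messages.ACCOUNT_TEMPORARILY_DISABLED resolves to the key
 * "accountTemporarilyDisabledMessage", so the text placed in the theme's
 * messages_en.properties (as in the question) is what the user sees.
 */
public class CustomUsernameFormAuthenticatorFactory extends UsernamePasswordFormFactory {

    // Hypothetical id; it must differ from the built-in "auth-username-password-form".
    public static final String CUSTOM_PROVIDER_ID = "custom-username-password-form";

    // The authenticator keeps no per-request state, so one shared instance is enough.
    private static final CustomUsernameFormAuthenticator CUSTOM_SINGLETON =
            new CustomUsernameFormAuthenticator();

    @Override
    public String getId() {
        return CUSTOM_PROVIDER_ID;
    }

    @Override
    public Authenticator create(KeycloakSession session) {
        return CUSTOM_SINGLETON;
    }

    // Name shown in the admin console when adding an execution to a flow.
    @Override
    public String getDisplayType() {
        return "Username Password Form (lockout message)";
    }

    @Override
    public String getHelpText() {
        return "Validates username and password; reports a temporary lock with its own message.";
    }
}
```

In the realm, copy the Browser flow, replace its Username Password Form execution with this provider, and bind the copy as the browser flow. A distinct lockout message lets anyone submitting the login form tell a locked account from a wrong password, which the default invalidUserMessage does not reveal.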



Source: https://stackoverflow.com/questions/57112945/keycloak-custom-message-on-user-temporary-lock
