bitsmuggler

Reputation: 1729

Keycloak: Temporary and permanent lockout of user

I need to "implement" the following flow in Keycloak as IdP:

  1. The user has 3 failed logins
  2. The user should be temporarily locked for 5 minutes
  3. The user has 3 failed logins again
  4. The user should be temporarily locked for 5 minutes again
  5. The user has 3 failed logins again
  6. The user should be locked permanently
  7. The user should receive an e-mail that he's locked permanently.

I saw the Brute Force detection under Authentication in Keycloak. But my scenario addresses both the temporary and permanent lockout.

Do you have any idea about a possible approach to address this requirement?

Upvotes: 2

Views: 8743

Answers (1)

kinjelom

Reputation: 6450

Keycloak has only one implementation of BruteForceProtector in the box: DefaultBruteForceProtector.

You can implement your own provider:

Keycloak is designed to cover most use-cases without requiring custom code, but we also want it to be customizable. To achieve this Keycloak has a number of Service Provider Interfaces (SPI) for which you can implement your own providers.

Upvotes: 1
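
The escalation described in the question (two 5-minute lockouts, then a permanent one with an e-mail), written as a standalone policy model of the kind a custom provider would carry. This is an added example, not code from the post or from Keycloak: every class and method name is hypothetical, and it does not implement the BruteForceProtector interface. It assumes failures during a lock are not counted and that a successful login resets the counters.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

// Added example: models the escalation policy only. All names are hypothetical.
public class EscalatingLockout {
    enum Status { OPEN, TEMP_LOCKED, PERM_LOCKED }

    static final int MAX_FAILURES = 3;                       // failures per round
    static final int MAX_ROUNDS = 3;                         // the third round locks permanently
    static final Duration TEMP_LOCK = Duration.ofMinutes(5);

    static final class State { int failures; int rounds; Instant lockedUntil; boolean permanent; }

    private final Map<String, State> states = new HashMap<>();

    synchronized Status status(String user, Instant now) {
        State s = states.get(user);
        if (s == null) return Status.OPEN;
        if (s.permanent) return Status.PERM_LOCKED;
        if (s.lockedUntil != null && now.isBefore(s.lockedUntil)) return Status.TEMP_LOCKED;
        return Status.OPEN;
    }

    // Returns true exactly once: on the failure that makes the lock permanent (send the e-mail then).
    synchronized boolean failedLogin(String user, Instant now) {
        if (status(user, now) != Status.OPEN) return false;  // assumption: ignored while locked
        State s = states.computeIfAbsent(user, k -> new State());
        if (++s.failures < MAX_FAILURES) return false;
        s.failures = 0;
        if (++s.rounds >= MAX_ROUNDS) { s.permanent = true; return true; }
        s.lockedUntil = now.plus(TEMP_LOCK);
        return false;
    }

    // Assumption: a successful login on an unlocked account clears failures and rounds.
    synchronized void successfulLogin(String user, Instant now) {
        if (status(user, now) == Status.OPEN) states.remove(user);
    }

    public static void main(String[] args) {
        EscalatingLockout p = new EscalatingLockout();
        Instant t = Instant.parse("2024-01-01T00:00:00Z");   // constructed timestamp
        for (int i = 1; i <= 9; i++) {
            boolean notify = p.failedLogin("alice", t);
            System.out.println("failure " + i + " -> " + p.status("alice", t) + (notify ? " (send e-mail)" : ""));
            if (i % 3 == 0) t = t.plus(TEMP_LOCK);           // wait out the temporary lock
        }
    }
}
```

The in-memory map stands in for whatever per-user storage the provider uses; in a clustered deployment that state has to be shared between nodes, or the counters can be sidestepped by hitting a different node.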
