用户临时锁定上的Keycloak自定义消息 [英] Keycloak Custom message on user temporary lock

问题描述

我正在使用Kyecloak:4.8.0，并为我的领域启用了蛮力攻击.现在，每当用户提供3次错误的凭据时，该用户就会被暂时锁定.

I am using Kyecloak:4.8.0, and have enabled Brute force attack for my realm. Now whenever user provides wrong credentials for 3 times user will be locked temporarily.

但是用户仍然会看到无效的用户名/密码".

But still user will see "Invalid username/password".

根据此线程，Keycloak故意这样做: https://issues.jboss.org/browse/KEYCLOAK-5284

According to this thread Keycloak have done this intentionally: https://issues.jboss.org/browse/KEYCLOAK-5284

但是我仍然想向用户显示他的帐户已被锁定.

But still i want to show user that his account has been locked.

有什么办法可以自定义此消息?

Is there any way to customize this message?

我尝试通过在自定义按键斗篷主题中添加消息来做到这一点，如下所示:

I tried doing this by adding message in custom keycloak theme as below:

位置:themes \ adminlte \ login \ messages \ messages_en.properties

location: themes\adminlte\login\messages\messages_en.properties

accountTemporarilyDisabledMessage=Account is temporarily disabled, contact admin or try again later.

此更改无效.

推荐答案

浏览Keycloak基本代码后，我发现:Keycloak使用 Messages.INVALID_USER (invalidUserMessage)，该属性来自用 AbstractFormAuthenticator 类.

After going through Keycloak base code what i found is: Keycloak uses Messages.INVALID_USER (invalidUserMessage) from properties which is written in AbstractFormAuthenticator class.

现在，此类由UsernamePasswordForm扩展，以将其更改为自定义消息，如下所示，我编写了自定义身份验证器(Keycloak SPI)

This class is at the end extended by UsernamePasswordForm now to change this to custom message i Wrote Custom Authenticator (Keycloak SPI) like below

public class CustomUsernameFormAuthenticator extends UsernamePasswordForm {

    @Override
    protected String tempDisabledError() {
        return Messages.ACCOUNT_TEMPORARILY_DISABLED;
    }
}

在此之后在密钥斗篷中部署spi Jar并在您的领域中启用它.我们完成了:)

After this deploy spi Jar in keycloak and enable it in your realm. And we are done :)

这篇关于用户临时锁定上的Keycloak自定义消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！