Keycloak: Indicate user is temporarily locked


Problem description

After a user has failed to log in too many times in too short a time, is there a way to have the Keycloak login screen tell the user that they are temporarily locked, so they can know they have to wait and try again later?

At the moment it continues to tell them their password is wrong, so they will probably keep trying, and may end up being told their correct password is incorrect.

Ideally I'd like to be able to do this with only changes to the login theme, and without making extra API calls.

Recommended answer

Yes, you can also check the brute force status

GET /{realm}/attack-detection/brute-force/users/{userId}

The latter will only show if it's temporarily disabled

You can make it without any extra API calls, just use

Admin REST APIs (Get Users and Get Representation Of User)

It returns inconsistent values of attribute "enabled" after "Max Login Failure" attempts exceeded

Description

Different returning values of parameter "enabled" (for given {uid}) between the following two admin REST API requests after "Max Login Failure" attempts exceeded.

  1. Get Representation Of User

GET /admin/realms/{realm}/users/{id} => "enabled":false

  2. Get Users

2.1 GET /admin/realms/{realm}/users => "enabled":true

2.2 GET /admin/realms/{realm}/users?search={string} => "enabled":true

  3. Get status of a username in brute force detection =>

GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username} => ("disabled":true)

Note: after the Max Login Failure attempts are exceeded, the GUI admin console returns user = disabled and locked.
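An added example (not part of the original answer and not Keycloak's own code) that combines the per-user requests listed above to tell a temporary brute-force lock apart from a disabled account. It assumes a server-side caller holding an admin access token; the base URL, realm `demo`, user ids and the `lock_state` / `sample_fetch` names are hypothetical, and the sample responses are constructed.

```python
import json
import urllib.request
from urllib.parse import quote


def http_get_json(url, token):
    """Default fetcher: GET a JSON document using an admin bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def lock_state(base, realm, user_id, token, fetch=http_get_json):
    """Return 'temporarily_locked', 'disabled' or 'active' for one user id."""
    admin = f"{base.rstrip('/')}/admin/realms/{quote(realm, safe='')}"
    uid = quote(user_id, safe="")
    # Single-user representation; the list endpoint (GET .../users) is not used
    # because the answer reports it still says "enabled": true after a lockout.
    user = fetch(f"{admin}/users/{uid}", token)
    brute = fetch(f"{admin}/attack-detection/brute-force/users/{uid}", token)
    if brute.get("disabled") is True:
        return "temporarily_locked"   # lock held by brute-force detection
    if user.get("enabled") is False:
        return "disabled"             # disabled, but not by brute-force detection
    return "active"


# Constructed sample responses (not captured from a real server).
SAMPLE = {
    "/users/u1": {"id": "u1", "enabled": False},
    "/attack-detection/brute-force/users/u1": {"disabled": True, "numFailures": 5},
    "/users/u2": {"id": "u2", "enabled": False},
    "/attack-detection/brute-force/users/u2": {"disabled": False, "numFailures": 0},
    "/users/u3": {"id": "u3", "enabled": True},
    "/attack-detection/brute-force/users/u3": {"disabled": False, "numFailures": 1},
}


def sample_fetch(url, token):
    """Offline stand-in for http_get_json that serves SAMPLE."""
    return SAMPLE[url.split("/admin/realms/demo", 1)[1]]


if __name__ == "__main__":
    for uid in ("u1", "u2", "u3"):
        print(uid, lock_state("https://kc.example", "demo", uid, "TOKEN", sample_fetch))
```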
