Hi,
Can we implement Custom Authentication along with Brute Force Detection and custom messages? The flow is as follows:
- Application captures credentials and calls the Keycloak endpoint.
- Keycloak uses Custom Authentication: it uses the data in the request and makes a backend call.
- If the login is successful, Keycloak will generate a token and send an encrypted token, like JOSE encryption, back to the calling application.
- If the login fails continuously for a number of attempts, Brute Force kicks in and locks the user for, say, 60 mins.
- Keycloak generates a custom message and sends it back to the calling application instead of "Incorrect Username and Password".
Thanks
Ajay