Seems to be a bug in the Keycloak backend. I fixed it; refer to the workaround below.
Step 1:
Download Keycloak backend source code from Tags · keycloak/keycloak · GitHub (make sure to download your server version)
Step 2:
Make changes to two methods in the org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator class in the services module:

    protected Response challenge(AuthenticationFlowContext context, String error) {
        LoginFormsProvider form = context.form()
                .setExecution(context.getExecution().getId());
        if (error != null) {
            // Compare string contents with equals(), not reference identity (==).
            if (Messages.ACCOUNT_TEMPORARILY_DISABLED.equals(error)) {
                // Pass the realm's Wait Increment, converted to minutes, as message parameter {0}.
                form.setError(error, context.getRealm().getWaitIncrementSeconds() / 60);
            } else {
                form.setError(error);
            }
        }
        return createLoginForm(form);
    }

    // Return the "temporarily disabled" message key for a locked account.
    protected String tempDisabledError() {
        return Messages.ACCOUNT_TEMPORARILY_DISABLED;
    }
Step 3:
Compile the …/service module and replace the keycloak-services-<>.jar file in the server location (.\keycloak-<>\modules\system\layers\keycloak\org\keycloak\keycloak-services\main)
Step 4:
Restart the Keycloak service
(E.g. C:\dev\opt\sso\keycloak-8.0.1\bin\standalone.bat -Djboss.socket.binding.port-offset=100)
Step 5:
Change the message accountTemporarilyDisabledMessage based on your requirement in the theme location, themes\adminlte\login\messages\messages_en.properties
Message should be like this,
accountTemporarilyDisabledMessage=Your account is locked due to the multiple invalid login attempts, Please try after {0} mins.
Note: You can change the maximum login attempts and max waiting time via the Keycloak admin console path,
Realm Settings >> Security Defenses >> Brute Force Detections
Parameters: Max Login Failures and Wait Increment
This works for me.
Enjoy Keycloak
-Nandika
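An added example, not part of the original post: the patched challenge() passes getWaitIncrementSeconds() / 60 as the {0} parameter, and Java integer division truncates, so a Wait Increment below 60 seconds renders as "0 mins". The class and method names below are hypothetical, the wait values are constructed, and filling {0} with java.text.MessageFormat is an assumption about how the message is rendered.

```java
import java.text.MessageFormat;

// Added illustration; LockoutMessageDemo and its methods are hypothetical names,
// not Keycloak classes.
public class LockoutMessageDemo {

    // Message text from Step 5 of the post.
    static final String TEMPLATE =
        "Your account is locked due to the multiple invalid login attempts, "
        + "Please try after {0} mins.";

    // The value the patched challenge() passes to setError(): integer division truncates.
    static int truncatedMinutes(int waitIncrementSeconds) {
        return waitIncrementSeconds / 60;
    }

    // Ceiling division, so any non-zero wait is shown as at least 1 minute.
    static int roundedUpMinutes(int waitIncrementSeconds) {
        if (waitIncrementSeconds <= 0) {
            return 0;
        }
        return (waitIncrementSeconds + 59) / 60;
    }

    // Assumption: {0} is substituted the way java.text.MessageFormat does it.
    static String render(int minutes) {
        return new MessageFormat(TEMPLATE).format(new Object[] { minutes });
    }

    public static void main(String[] args) {
        // Constructed sample Wait Increment values, in seconds.
        int[] constructedWaitIncrements = { 30, 60, 90, 900 };
        for (int seconds : constructedWaitIncrements) {
            System.out.printf("Wait Increment = %d s%n", seconds);
            System.out.println("  truncated : " + render(truncatedMinutes(seconds)));
            System.out.println("  rounded up: " + render(roundedUpMinutes(seconds)));
        }
    }
}
```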