Notify the user by email that their account has been deactivated due to brute force

Hello, is it possible to implement this feature if yes what are the classes to overload? DefaultBruteForceProtector keycloak/DefaultBruteForceProtector.java at master · keycloak/keycloak · GitHub ?

You can write your own implementation of BruteForceProtector and change it in your config. You might also be able to write an EventListener that looks for LOGIN_ERROR event types and then checks the user to see if they have just been disabled.

2 Likes

Hello, If it’s of any use to anyone else, here’s my solution : GitHub - ubitransports/keycloak-notification-user-disabled

2 Likes