F.A.Q.

Keycloak: Login Failures Setting

  • 26 May 2022
  • 4 replies
  • 1242 views

  • Anonymous

Would you like to cover the case of what happens when a user enters his or her credentials incorrectly many times? The Max Login Failure setting can be configured in the Keycloak Admin Console; follow these steps:

  1. Log into Keycloak Admin Console
  2. Go to Realm Settings (Ataccamaone) on the left-hand menu
  3. Go to Security Defenses tab
  4. Select Brute Force Detection and enable the feature
  5. Set the Max Login Failure to the desired amount

Brute Force Detection before enablement

When enabled, all settings can be changed according to your needs.


Any question or comment? Let us know!



And if I want to implement email notifications for failed login attempts specifically after the third incorrect attempt in Keycloak, what should I do?


Hello,

Keycloak supports email notifications (you have to define the SMTP resource first - check https://www.keycloak.org/docs/latest/server_admin/#_email) and then you should register the SMTP / email notifications to the Keycloak Event listener group in the Event Config screen. A similar article was also discussed here: https://keycloak.discourse.group/t/send-notification-for-failed-login/5527

Although, I think the events would fire every time they are triggered, i.e. you could get quite a lot of emails.

Hope this helps you move forward.


Hello,

Thank you for your message and the helpful resources you provided.

I want to clarify that I'm aware of the email notifications for failed login attempts in Keycloak. Currently, I receive an email notification each time there's a wrong email or password entered. However, I'm looking to customize this feature so that I receive the notification only after the third unsuccessful attempt.

If you have any further insights or suggestions on achieving this, I would greatly appreciate it.

Thank you again for your assistance.


I’m happy that the previously provided information was helpful to you.

To your follow-up question about specific event count-condition notification, I’m not aware of any readily available Keycloak configuration or plugin that would work as you expect, but you can still try finding something “ready” on the web.

What I believe you need is a Keycloak plugin or extension that modifies the Event listener behavior using custom Java coding. There are some custom plugins examples on the web that you can look at to get some starting inspiration. I’m linking an article that describes building such a custom Keycloak plugin. I can imagine that with some Java code this could be adjusted to behave as you wish.

https://medium.com/@adwaitthattey/building-an-event-listener-spi-plugin-for-keycloak-5bf9de1b0965

Perhaps, your desired setup could be achieved through the extension of the https://www.keycloak.org/docs-api/21.1.2/javadocs/org/keycloak/events/email/EmailEventListenerProvider.html class. I’d carefully consider how to count the “failed” events for different logins or event types, and how to avoid memory leaks in your code - event counts can grow to infinity and you need to work with available Keycloak memory.

Please, let us know if you were able to build it and make it work as expected. Good luck!🤞
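As an added illustration of the counting approach suggested in the reply above (example code written for this page, not from the thread, the linked article or Keycloak itself): an EventListenerProvider that keeps a bounded per-realm, per-user counter of LOGIN_ERROR events and sends mail only on the third one instead of on every failure. The class name and the constructor wiring are assumptions; an EventListenerProviderFactory registered under META-INF/services would create the shared map and pass it to each instance.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailSenderProvider;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

// Hypothetical listener: emails the user once, on the THRESHOLD-th consecutive login failure.
public class ThresholdFailureListener implements EventListenerProvider {
    private static final int THRESHOLD = 3;         // notify on the 3rd failed attempt
    private static final int MAX_TRACKED = 10_000;  // hard cap so the map cannot grow unbounded
    private final KeycloakSession session;
    private final ConcurrentHashMap<String, AtomicInteger> failures; // realm:user -> count, owned by the factory
    public ThresholdFailureListener(KeycloakSession session, ConcurrentHashMap<String, AtomicInteger> failures) {
        this.session = session;
        this.failures = failures;
    }
    @Override
    public void onEvent(Event event) {
        if (event.getUserId() == null) return;      // unknown username: nobody to notify
        String key = event.getRealmId() + ":" + event.getUserId();
        if (event.getType() == EventType.LOGIN) {   // a successful login ends the streak
            failures.remove(key);
            return;
        }
        if (event.getType() != EventType.LOGIN_ERROR) return;
        if (failures.size() >= MAX_TRACKED && !failures.containsKey(key)) return; // refuse new keys when full
        int n = failures.computeIfAbsent(key, k -> new AtomicInteger()).incrementAndGet();
        if (n == THRESHOLD) notifyUser(event);      // fires exactly once per streak, not on every error
    }
    private void notifyUser(Event event) {
        RealmModel realm = session.realms().getRealm(event.getRealmId());
        UserModel user = session.users().getUserById(realm, event.getUserId());
        if (user == null || user.getEmail() == null) return;
        String text = THRESHOLD + " failed login attempts on your account from " + event.getIpAddress();
        try {
            session.getProvider(EmailSenderProvider.class)
                   .send(realm.getSmtpConfig(), user, "Failed login attempts", text, null);
        } catch (EmailException e) {
            // log and swallow: a mail failure must never break the login flow itself
        }
    }
    @Override public void onEvent(AdminEvent event, boolean includeRepresentation) {}
    @Override public void close() {}
}
```

The counter is node-local and only resets on a successful login, so on a clustered deployment or for accounts that never log in again a production build would back it with an Infinispan cache or time-based eviction rather than a plain map.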
