From 6f469b9dd19d49cf4ee7f4067ca9ce7db5927652 Mon Sep 17 00:00:00 2001
From: Alaa <alaainamor@gmail.com>
Date: Mon, 9 Dec 2024 11:44:10 +0100
Subject: [PATCH] Fix missing userId in LOGIN_ERROR event for permanent lockout
 with separate username/password forms

Signed-off-by: Alaa <alaainamor@gmail.com>
---
 .../org/keycloak/authentication/AuthenticationProcessor.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
index 549e269e8523..7c5cd8f2e759 100755
--- a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
+++ b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
@@ -1177,7 +1177,10 @@ public Response finishAuthentication(LoginProtocol protocol) {
 
     public void validateUser(UserModel authenticatedUser) {
         if (authenticatedUser == null) return;
-        if (!authenticatedUser.isEnabled()) throw new AuthenticationFlowException(AuthenticationFlowError.USER_DISABLED);
+        if (!authenticatedUser.isEnabled()) {
+            event.user(authenticatedUser).detail(Details.USERNAME, authenticatedUser.getUsername());
+            throw new AuthenticationFlowException(AuthenticationFlowError.USER_DISABLED);
+        }
         if (authenticatedUser.getServiceAccountClientLink() != null) throw new AuthenticationFlowException(AuthenticationFlowError.UNKNOWN_USER);
     }