Fix missing userId in LOGIN_ERROR event for permanent lockout with se…

…parate username/password forms Signed-off-by: Alaa <[email protected]>
pedroigor · Dec 12, 2024 · 6f469b9 · 6f469b9
1 parent bbca611
commit 6f469b9
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
@@ -1177,7 +1177,10 @@ public Response finishAuthentication(LoginProtocol protocol) {
 
     public void validateUser(UserModel authenticatedUser) {
         if (authenticatedUser == null) return;
-        if (!authenticatedUser.isEnabled()) throw new AuthenticationFlowException(AuthenticationFlowError.USER_DISABLED);
+        if (!authenticatedUser.isEnabled()) {
+            event.user(authenticatedUser).detail(Details.USERNAME, authenticatedUser.getUsername());
+            throw new AuthenticationFlowException(AuthenticationFlowError.USER_DISABLED);
+        }
         if (authenticatedUser.getServiceAccountClientLink() != null) throw new AuthenticationFlowException(AuthenticationFlowError.UNKNOWN_USER);
     }