A.1.2 LOGIN_ERROR
M-CNCC IAM UI- Master realm- Login Error with Brute Force Protection Enabled
Figure -3 Login Error with Brute Force Protection enabled
M-CNCC IAM Kc Logs:
- When a user enters an invalid username and/or password:
Event log:
Note:
Key Attributes to Evaluate:level:"WARN",
message:"type=\"LOGIN_ERROR\"
error=\"invalid_user_credentials\"
username=\"admin_test\""
{"timestamp":"2025-11-27T14:48:37.759646496Z","sequence":2543,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"WARN","message":"type=\"LOGIN_ERROR\", realmId=\"master\", realmName=\"master\", clientId=\"security-admin-console\", userId=\"4f960adf-d36a-4706-ae1b-24ca3508c05f\", ipAddress=\"10.75.213.184\", error=\"invalid_user_credentials\", auth_method=\"openid-connect\", auth_type=\"code\", redirect_uri=\"http://10.75.213.184:30085/cncc/auth/admin/master/console/#/master/realms\", code_id=\"8a6becd6-9f29-5ce3-fd85-9247e45b4ec1\", username=\"admin_test\"","threadName":"executor-thread-54","threadId":109,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":571} - If the number of
LOGIN_ERRORattempts exceeds the configured Max Login Failures threshold (default: 5) with Brute Force Protection (enabled by Default), the following logs will be observed in the next attempt to log in:Note:
Key Attributes to Evaluatelevel:"DEBUG",
message:"type=\"USER_DISABLED_BY_TEMPORARY_LOCKOUT\
num_failures=\"5\""
reason=\"brute_force_attack detected\""
not_before=\"2025-11-17T09:37:50\(only present in 6th attempt)
username field isn't present in the 6th attempt
Event log:{"timestamp":"2025-11-27T14:48:37.7692526Z","sequence":2544,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"DEBUG","message":"type=\"USER_DISABLED_BY_TEMPORARY_LOCKOUT\", realmId=\"master\", realmName=\"master\", clientId=\"null\", userId=\"4f960adf-d36a-4706-ae1b-24ca3508c05f\", ipAddress=\"10.75.213.184\", reason=\"brute_force_attack detected\", not_before=\"2025-11-27T15:18:37\", num_failures=\"1\"","threadName":"kc-bruteforce-39-0","threadId":47,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":571} - Subsequent login attempts will generate following logs after
brute_force_attackevent log is generated:Note:
Key Attributes to Evaluatelevel:"WARN",
message:"type=\"LOGIN_ERROR\"
error=\"user_temporarily_disabled\"
username=\"admin\""
Event log:{"timestamp":"2025-11-27T14:49:34.353565336Z","sequence":2546,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"WARN","message":"type=\"LOGIN_ERROR\", realmId=\"master\", realmName=\"master\", clientId=\"security-admin-console\", userId=\"4f960adf-d36a-4706-ae1b-24ca3508c05f\", ipAddress=\"10.75.213.184\", error=\"user_temporarily_disabled\", auth_method=\"openid-connect\", auth_type=\"code\", redirect_uri=\"http://10.75.213.184:30085/cncc/auth/admin/master/console/#/master/realms\", code_id=\"8a6becd6-9f29-5ce3-fd85-9247e45b4ec1\", username=\"admin_test\"","threadName":"executor-thread-53","threadId":108,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":571}
M-CNCC IAM Ingress Gateway logs
SECURITY-
Request
log:
{
"instant": {
"epochSecond": 1764254387,
"nanoOfSecond": 634506670
},
"thread": "igw-app-thread5",
"level": "INFO",
"loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
"message": {
"logType": "SECURITY",
"type": "REQUEST",
"operationType": "POST",
"userId": "1",
"username": "admin",
"remoteAddress": "xxx.xxx.xxx.xxx:42411",
"localAddress": "xxx.xxx.xxx.xxx:8081",
"resourcePath": "/cncc/auth/realms/master/login-actions/authenticate",
"scheme": "http",
"queryParams": {
"session_code": "LWdhvDZM6j9mRZC-0V5s4a_TrQY3sGnRKoFbE7ivhxs",
"execution": "75965990-07d5-4dc3-b9aa-e7ad197e41f5",
"client_id": "security-admin-console",
"tab_id": "jHQb3x-o1Ho",
"client_data": "eyJydSI6Imh0dHA6Ly94eHgueHh4Lnh4eDozMDA4NS9jb mNjYy9hdXRoL2FkbWluL21hc3Rlci9jb25zb2xlLyMvbWFzdGVyL3VzZXJzLzRmOTYwYWRmLWQzNmEtNDcwNi1hZTFiLTI0Y2EzNTA4YzA1Zi9jcmVkZW50aWFscyIsInJ0IjoiY29kZSIsInJtIjoicXVlcnkiLCJzdCI6Ijc0NjJhOWU1LTY1ODEtNDhmZC1hMTNmLTc0YjhlNzkyZWQzZCJ9"
},
"headers": {
"Origin": "null",
"Cookie": "{masked}",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Connection": "keep-alive",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
"uuidToken": "2e40b37c-5f4d-4d40-b899-d4e242e594d8",
"Host": "xxx.xxx.xxx.xxx:30085",
"Accept-Encoding": "gzip, deflate",
"svcName": "cncc-iam-kc-http.cncc.svc.cluster.local",
"ocLogId": "1764254387630_97_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"sbi-timer-publish-headers": "false",
"Cache-Control": "max-age=0",
"Upgrade-Insecure-Requests": "1",
"Accept-Language": "en-US,en;q=0.9",
"Content-Length": "47",
"sbi-timer-feature": "false",
"Content-Type": "application/x-www-form-urlencoded"
},
"payload": "username=admin_test&password={masked}&credentialId=",
"authenticationType": "UNKNOWN"
},
"endOfBatch": false,
"loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
"threadId": 110,
"threadPriority": 5,
"messageTimestamp": "2025-11-27T14:39:47.634+0000",
"processId": "1",
"ingressTxId": "ingress-tx-1998179520",
"pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"ocLogId": "1764254387630_97_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"instanceType": "prod",
"xRequestId": "-"
}SECURITY- Response
log:
{
"instant": {
"epochSecond": 1764254387,
"nanoOfSecond": 854526741
},
"thread": "igw-app-thread12",
"level": "INFO",
"loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
"message": {
"logType": "SECURITY",
"type": "RESPONSE",
"operationType": "POST",
"userId": "1",
"username": "admin",
"resourcePath": "/cncc/auth/realms/master/login-actions/authenticate",
"scheme": "http",
"headers": {
"content-length": "8661",
"X-Content-Type-Options": "nosniff",
"RequestMethod": "POST",
"Referrer-Policy": "no-referrer",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"X-Robots-Tag": "none",
"Cache-Control": "no-store, must-revalidate, max-age=0",
"Content-Security-Policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"NettyLatency": "1764254387630",
"Content-Language": "en",
"Content-Type": "text/html;charset=utf-8"
},
"payload": {},
"authenticationType": "UNKNOWN",
"status": "200 OK"
},
"endOfBatch": false,
"loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
"threadId": 128,
"threadPriority": 5,
"messageTimestamp": "2025-11-27T14:39:47.854+0000",
"processId": "1",
"ingressTxId": "ingress-tx-1173116420",
"pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"ocLogId": "-",
"instanceType": "prod",
"xRequestId": "-"
}M-CNCC Core UI- Login Error in with Brute Force Protection enabled
Figure -4 Login Error in with Brute Force Protection enabled
M-CNCC IAM Kc Logs
- When a user enters an invalid username and/or
password:
{"timestamp":"2025-11-27T14:52:23.939615062Z","sequence":2567,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"WARN","message":"type=\"LOGIN_ERROR\", realmId=\"cncc\", realmName=\"cncc\", clientId=\"cncc\", userId=\"c3108ac1-a5b5-425c-b752-41e4bf36d724\", ipAddress=\"10.75.213.184\", error=\"user_temporarily_disabled\", auth_method=\"openid-connect\", auth_type=\"code\", redirect_uri=\"http://10.75.213.184:30030/login/oauth2/code/cncc-iam\", code_id=\"16ea4573-22ab-f78e-d6aa-37decad33307\", username=\"user_test\"","threadName":"executor-thread-67","threadId":127,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":571} - If the number of
LOGIN_ERRORattempts exceeds the configured Max Login Failures threshold (default: 5) with Brute Force Protection (enabled by Default), the following logs will be observed in the next attempt to log in:Note:
Key Attributes to Evaluatelevel:"DEBUG",
message:"type=\"USER_DISABLED_BY_TEMPORARY_LOCKOUT\
num_failures=\"5\""
reason=\"brute_force_attack detected\""
not_before=\"2025-11-17T09:37:50\(only present in 6th attempt)
username field isnt present in the 6th attempt
Event log:{"timestamp":"2025-11-27T13:37:13.565594768Z","sequence":2496,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"DEBUG","message":"type=\"USER_DISABLED_BY_TEMPORARY_LOCKOUT\", realmId=\"cncc\", realmName=\"cncc\", clientId=\"null\", userId=\"c3108ac1-a5b5-425c-b752-41e4bf36d724\", ipAddress=\"10.75.213.184\", reason=\"brute_force_attack detected\", not_before=\"2025-11-27T14:07:13\", num_failures=\"5\"","threadName":"kc-bruteforce-952-3","threadId":60,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":550} - Subsequent login attempts will generate following logs after
brute_force_attackevent log is generated:Note:
Key Attributes to Evaluatelevel:"WARN",
message:"type=\"LOGIN_ERROR\"
error=\"user_temporarily_disabled\"
username=\"user_test\""
Event log:{"timestamp":"2025-11-27T14:57:52.77916759Z","sequence":2594,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"WARN","message":"type=\"LOGIN_ERROR\", realmId=\"cncc\", realmName=\"cncc\", clientId=\"cncc\", userId=\"c3108ac1-a5b5-425c-b752-41e4bf36d724\", ipAddress=\"10.75.213.184\", error=\"user_temporarily_disabled\", auth_method=\"openid-connect\", auth_type=\"code\", redirect_uri=\"http://10.75.213.184:30030/login/oauth2/code/cncc-iam\", code_id=\"16ea4573-22ab-f78e-d6aa-37decad33307\", username=\"user_test\"","threadName":"executor-thread-81","threadId":144,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":571}
M-CNCC IAM Ingress Gateway Logs
SECURITY-
Request
log:
{
"instant": {
"epochSecond": 1764255143,
"nanoOfSecond": 900330911
},
"thread": "igw-app-thread8",
"level": "INFO",
"loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
"message": {
"logType": "SECURITY",
"type": "REQUEST",
"operationType": "POST",
"userId": "UNKNOWN",
"username": "UNKNOWN",
"remoteAddress": "xxx.xxx.xxx.xxx:40035",
"localAddress": "xxx.xxx.xxx.xxx:8081",
"resourcePath": "/cncc/auth/realms/cncc/login-actions/authenticate",
"scheme": "http",
"queryParams": {
"session_code": "nSfrzV49PIW_qqdsB9QjzFK7M9ufPlraPErxq6BWvBg",
"execution": "91a42aca-f4f5-401f-a63f-ebbed8681d17",
"client_id": "cncc",
"tab_id": "hoM8hXq0qB8",
"client_data": "eyJydSI6Imh0dHA6Ly94eHgueHh4Lnh4eDozMDAzMC9sb2dpbi9vYXV0aDIvY29kZS9jb mNjLWlhbSIsInJ0IjoiY29kZSIsInN0Ijoibk1EcEF1bUhiZW1Bc00yaTVnZDFXak0zdzZBSVlVTzhJVlFPZGFrbFptMD0ifQ"
},
"headers": {
"Origin": "null",
"Cookie": "{masked}",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Connection": "keep-alive",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
"uuidToken": "e2499a63-39e0-4b51-ad0a-7cb6e7acdf20",
"Host": "xxx.xxx.xxx.xxx:30085",
"Accept-Encoding": "gzip, deflate",
"svcName": "cncc-iam-kc-http.cncc.svc.cluster.local",
"ocLogId": "1764255143898_70_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"sbi-timer-publish-headers": "false",
"Cache-Control": "max-age=0",
"Upgrade-Insecure-Requests": "1",
"Accept-Language": "en-US,en;q=0.9",
"Content-Length": "46",
"sbi-timer-feature": "false",
"Content-Type": "application/x-www-form-urlencoded"
},
"payload": "username={masked}_test&password={masked}&credentialId=",
"authenticationType": "UNKNOWN"
},
"endOfBatch": false,
"loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
"threadId": 116,
"threadPriority": 5,
"messageTimestamp": "2025-11-27T14:52:23.900+0000",
"processId": "1",
"ingressTxId": "ingress-tx-29641272",
"pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"ocLogId": "1764255143898_70_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"instanceType": "prod",
"xRequestId": "-"
}SECURITY- Response
log:
{
"instant": {
"epochSecond": 1764255143,
"nanoOfSecond": 951946753
},
"thread": "igw-app-thread9",
"level": "INFO",
"loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
"message": {
"logType": "SECURITY",
"type": "RESPONSE",
"operationType": "POST",
"userId": "UNKNOWN",
"username": "UNKNOWN",
"resourcePath": "/cncc/auth/realms/cncc/login-actions/authenticate",
"scheme": "http",
"headers": {
"content-length": "8257",
"X-Content-Type-Options": "nosniff",
"RequestMethod": "POST",
"Referrer-Policy": "no-referrer",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"X-Robots-Tag": "none",
"Cache-Control": "no-store, must-revalidate, max-age=0",
"Content-Security-Policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"NettyLatency": "1764255143898",
"Content-Language": "en",
"Content-Type": "text/html;charset=utf-8"
},
"payload": {},
"authenticationType": "UNKNOWN",
"status": "200 OK"
},
"endOfBatch": false,
"loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
"threadId": 117,
"threadPriority": 5,
"messageTimestamp": "2025-11-27T14:52:23.951+0000",
"processId": "1",
"ingressTxId": "ingress-tx-832908555",
"pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
"ocLogId": "-",
"instanceType": "prod",
"xRequestId": "-"
}Parent topic: CNC Console UI Event Logs