keycloak / keycloak

Open Source Identity and Access Management For Modern Applications and Services
https://www.keycloak.org
Apache License 2.0

Recaptcha for login #14936

Open Shashirokz opened 2 years ago

Shashirokz commented 2 years ago

Description

Recaptcha is configurable at Register stage. Following this Recaptcha can be enabled at Login stage in a new realm. Cannot configure in master realm.

How can Recaptcha be configured for Login stage?

ahus1 commented 2 months ago

Thank you for raising this idea. I'm marking this as an enhancement.

@mposolda / @ssilvert / @edewit - is something like that planned for the new login theme?

ssilvert commented 2 months ago

@ahus1 This is not something that is planned at the moment, but I will add it to our list. We are going to go through the exercise of prioritizing enhancements very soon.

ariferol commented 2 months ago

I have reviewed and activated Keycloak’s brute-force attack protection settings. However, I have observed that Google’s "reCAPTCHA" project offers numerous features that could benefit enterprise projects, particularly in terms of brute-force attack protection, human recognition capabilities, and free functionalities. Originally launched in 2007, reCAPTCHA was acquired by Google in 2009 and continues to be developed. According to my research, even the free version is actively being improved by Google's team to address security threats, bot detection, and spam reduction, and it has established itself within a large developer community. Given these capabilities, I believe that having optional support for "reCAPTCHA" in Keycloak features would greatly benefit all Keycloak users.

Thank you in advance for your efforts.