detect_login_loops
Detect users with rapid repeated logins indicating redirect loops. Analyzes login events within a configurable time window and threshold.
Instructions
Detect users with rapid repeated logins (possible redirect loops).
Scans all LOGIN events and finds users who logged in more than threshold
times within window_seconds.
Args: date_from: Start date (YYYY-MM-DD). Defaults to last 24h when omitted (KEYCLOAK_DEFAULT_DATE_FROM_HOURS). date_to: End date (YYYY-MM-DD). Empty for all. threshold: Minimum logins within the window to flag (default 10). window_seconds: Time window in seconds (default 60). top: Number of top users to show (default 20). Use 0 for all.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| top | No | ||
| date_to | No | ||
| date_from | No | ||
| threshold | No | ||
| window_seconds | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |