diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 2314742..810f3d7 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -686,7 +686,11 @@ public class UsersResource {
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
- throw new NotFoundException("User not found");
+ return Flows.errors().error("User not found", Response.Status.NOT_FOUND);
+ }
+
+ if (!user.isEnabled()) {
+ return Flows.errors().error("User is disabled", Response.Status.BAD_REQUEST);
}
if (user.getEmail() == null) {
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index b970471..94268c8 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -816,7 +816,10 @@ public class LoginActionsService {
if (user == null) {
event.error(Errors.USER_NOT_FOUND);
- } else {
+ }
+ else if(!user.isEnabled()) {
+ event.error(Errors.USER_DISABLED);
+ }else{
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
event.session(userSession);
TokenManager.attachClientSession(userSession, clientSession);
