fix more

services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java

@@ -126,6 +126,7 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
             context.getEvent().error(Errors.USER_DISABLED);
             Response challengeResponse = disabledUser(context);
             // this is not a failure so don't call failureChallenge.
+            //context.failureChallenge(AuthenticationFlowError.USER_DISABLED, challengeResponse);
             context.forceChallenge(challengeResponse);
             return false;
         }
@@ -135,6 +136,7 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
                 context.getEvent().error(Errors.USER_TEMPORARILY_DISABLED);
                 Response challengeResponse = temporarilyDisabledUser(context);
                 // this is not a failure so don't call failureChallenge.
+                //context.failureChallenge(AuthenticationFlowError.USER_TEMPORARILY_DISABLED, challengeResponse);
                 context.forceChallenge(challengeResponse);
                 return false;
             }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java

@@ -300,6 +300,7 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
         // KEYCLOAK-5420
         // Test to make sure that temporarily disabled doesn't increment failure count
         testingClient.testing().setTimeOffset(Collections.singletonMap("offset", String.valueOf(52)));
+        // should be unlocked now
         loginSuccess();
         clearUserFailures();
         clearAllUserFailures();