<html><body><div>Unfortunately, it isn't implemented like that.</div><div><br></div><div>Have a look at the authenticateInternal method of the AuthenticationManager class.</div><div><div><span style="line-height: 1.5;">AuthenticationStatus.ACCOUNT_DISABLED;</span></div><div><span style="line-height: 1.5;">is returned </span>before<span style="line-height: 1.5;"> the </span>validCredentials method is invoked.</div></div><div><br></div><div>Best</div><div>Michael</div><div><br>Am 12. Januar 2015 um 12:25 schrieb Stian Thorgersen <stian@redhat.com>:<br><br></div><div><blockquote type="cite"><div class="msg-quote"><div class="_stretch"><span class="body-text-content"><span class="body-text-content"><br><br>----- Original Message -----<br></span></span><blockquote class="quoted-plain-text" type="cite">From: "Michael Gerber" <<a href="mailto:gerbermichi@me.com" data-mce-href="mailto:gerbermichi@me.com">gerbermichi@me.com</a>></blockquote><blockquote class="quoted-plain-text" type="cite">To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com" data-mce-href="mailto:stian@redhat.com">stian@redhat.com</a>></blockquote><blockquote class="quoted-plain-text" type="cite">Cc: <a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote><blockquote class="quoted-plain-text" type="cite">Sent: Monday, 12 January, 2015 11:20:02 AM</blockquote><blockquote class="quoted-plain-text" type="cite">Subject: Re: [keycloak-dev] A disabled user receives a confusing info message, if he tries to reset his password</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">Thank you, that sounds logical.</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">I just wondered, because you have a different error message for disabled</blockquote><blockquote class="quoted-plain-text" type="cite">users on the login screen.</blockquote><blockquote class="quoted-plain-text" type="cite">"Account is disabled, contact admin"</blockquote><span class="body-text-content"><span class="body-text-content"><br>That should only be shown after a user has logged in with valid username/password, if you try to login with an invalid password and disabled user it should show invalid username/password.<br><br></span></span><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">Best</blockquote><blockquote class="quoted-plain-text" type="cite">Michael</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">Am 12. Januar 2015 um 10:45 schrieb Stian Thorgersen <<a href="mailto:stian@redhat.com" data-mce-href="mailto:stian@redhat.com">stian@redhat.com</a>>:</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">This is intentional. If we provide specific error messages on reset password</blockquote><blockquote class="quoted-plain-text" type="cite">it can be used to find out whether or not a username/email is valid. Same</blockquote><blockquote class="quoted-plain-text" type="cite">applies to login, instead of saying invalid username it just says invalid</blockquote><blockquote class="quoted-plain-text" type="cite">username or password.</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">As an improvement we could extend the message to say if you haven't received</blockquote><blockquote class="quoted-plain-text" type="cite">a message within a certain time, then retry or contact an admin/support.</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">----- Original Message -----</blockquote><blockquote class="quoted-plain-text" type="cite">From: "Michael Gerber" <<a href="mailto:gerbermichi@me.com" data-mce-href="mailto:gerbermichi@me.com">gerbermichi@me.com</a>></blockquote><blockquote class="quoted-plain-text" type="cite">To: <a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote><blockquote class="quoted-plain-text" type="cite">Sent: Friday, 9 January, 2015 4:01:49 PM</blockquote><blockquote class="quoted-plain-text" type="cite">Subject: [keycloak-dev] A disabled user receives a confusing info message, if</blockquote><blockquote class="quoted-plain-text" type="cite">he tries to reset his password</blockquote><blockquote class="quoted-plain-text" type="cite">A disabled user receives the following info message, if he tries to reset his</blockquote><blockquote class="quoted-plain-text" type="cite">password:</blockquote><blockquote class="quoted-plain-text" type="cite">You should receive an email shortly with further instructions.</blockquote><blockquote class="quoted-plain-text" type="cite">This is a bit confusing. A message like that would be nicer:</blockquote><blockquote class="quoted-plain-text" type="cite">Failed to send email, please contact the administrator.</blockquote><blockquote class="quoted-plain-text" type="cite">I will create a PR if that is ok with you?</blockquote><blockquote class="quoted-plain-text" type="cite">_______________________________________________</blockquote><blockquote class="quoted-plain-text" type="cite">keycloak-dev mailing list</blockquote><blockquote class="quoted-plain-text" type="cite"><a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote><blockquote class="quoted-plain-text" type="cite"><a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" data-mce-href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></blockquote></div></div></blockquote></div></body></html>