<html><body><div>@Bill</div><div>What do you think about this? Do you prefere the "new way" or the old one?</div><div><br data-mce-bogus="1"></div><div>Am 29. Oktober 2015 um 07:15 schrieb Michael Gerber <gerbermichi@me.com>:<br><br></div><div><blockquote type="cite"><div class="msg-quote"><div class="_stretch"><span class="body-text-content">You showed in the passt the correct error message only if the user has entered the correct password.<br><br>In other words, you can split the userValidation into a pre and post validation, so you have the possibility to show sensitive messages only to authenticated users.<br><br><blockquote type="cite" class="quoted-plain-text">Am 29.10.2015 um 00:42 schrieb Bill Burke <bburke@redhat.com>:</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">Hmmm...IIRC I kept that there because, if the account is disabled how would the user ever know? This is even more important with a temporarily disabled account.</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">On 10/28/2015 5:48 PM, Michael Gerber wrote:</blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">Just create a new user, disable it and try to log in with the username and a wrong password.</blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">And you will get the following error message:</blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">Account is disabled, contact admin.</blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">On 28.10.2015, at 20:50, Bill Burke <bburke@redhat.com> wrote:</blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">How is this possible?</blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">On 10/28/2015 10:53 AM, Michael Gerber wrote:</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">Hi all,</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">it is possible to guess the username of disabled users.</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">This was not possible in earlier versions of keycloak. Is this on purpose?</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">Best</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">Michael</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">_______________________________________________</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">keycloak-dev mailing list</blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" data-mce-href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></blockquote></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><br></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">--</blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">Bill Burke</blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">JBoss, a division of Red Hat</blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><a href="http://bill.burkecentral.com" data-mce-href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">_______________________________________________</blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text">keycloak-dev mailing list</blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><blockquote type="cite" class="quoted-plain-text"><a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" data-mce-href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></blockquote></blockquote></blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">--</blockquote><blockquote type="cite" class="quoted-plain-text">Bill Burke</blockquote><blockquote type="cite" class="quoted-plain-text">JBoss, a division of Red Hat</blockquote><blockquote type="cite" class="quoted-plain-text"><a href="http://bill.burkecentral.com" data-mce-href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></blockquote><br>_______________________________________________<br>keycloak-dev mailing list<br><a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" data-mce-href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br></span></div></div></blockquote></div></body></html>