Just create a new user, disable it and try to log in with the username and a wrong
password.
And you will get the following error message:
Account is disabled, contact admin.
On 28.10.2015, at 20:50, Bill Burke <bburke(a)redhat.com> wrote:
How is this possible?
On 10/28/2015 10:53 AM, Michael Gerber wrote:
> Hi all,
>
> it is possible to guess the username of disabled users.
> This was not possible in earlier versions of keycloak. Is this on purpose?
>
> Best
> Michael
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev