On Wed, Jan 17, 2018 at 4:24 AM Hynek Mlnarik <hmlnarik(a)redhat.com> wrote:
Yes, this is intentional, and only happens when user is not already
in (e.g. in other browser). Suppose there a link to with a single action -
change password in the e-mail - and your mailbox has an automated
spam/antivirus filter that visits and checks contents of any link in the
e-mail. Since password-change link can only be used once, if the link was
consumed by the spam filter, it would expire without actual changing the
password and the user would not be able to change their own password.
Thanks for the background. The problem is that in our case, we don't have
these issues. So it would be important to be able to disable this. Is
this possible in the current setup?
On Tue, Jan 16, 2018 at 10:42 PM, John D. Ament <john.d.ament(a)gmail.com>
> I noticed that in the new version of keycloak there's a landing page that
> user receives when they're not logged in (I guess?) for a list of actions
> to perform. This page doesn't make much sense to me as a user, I just
> to see my action since I only have one to do ever.
> I see this commit introduced it
> I can't see the linked JIRA ticket (i guess it's secure?). I don't see
> way to turn off this page. Is that on purpose?
> keycloak-dev mailing list