Re: [keycloak-user] Login user action lifespan

Am 16.07.2015 um 14:00 schrieb Stian Thorgersen <stian(a)redhat.com&gt;: That's definitively not correct behavior. What version are you on? Can you give me exact steps to reproduce? ----- Original Message ----- > From: "Niko Köbler" <niko(a)n-k.de&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-user(a)lists.jboss.org > Sent: Thursday, 16 July, 2015 1:58:21 PM > Subject: Re: [keycloak-user] Login user action lifespan > > It is valid. > I can change my password again and again… > > >> Am 16.07.2015 um 13:49 schrieb Stian Thorgersen <stian(a)redhat.com&gt;: >> >> Does it seem that it is valid, or is it valid? It should only be usable >> once. >> >> ----- Original Message ----- >>> From: "Niko Köbler" <niko(a)n-k.de&gt; >>> To: keycloak-user(a)lists.jboss.org >>> Sent: Thursday, 16 July, 2015 1:45:43 PM >>> Subject: [keycloak-user] Login user action lifespan >>> >>> Hi, >>> >>> you can set the „login user action lifespan“ in realm settings for the >>> time >>> the link is valid for a user to set a password (or other tasks). >>> This link seems to be valid and working even if the user has clicked on it >>> and has done the tasks. >>> >>> Is it possible to configure this link to be valid only once during its >>> lifespan ? Or at least to be invalid as soon the user has set his >>> password/done the login actions? >>> Otherwise this link could be used to change the password again, after the >>> user has already set his password - possibly from third persons who got >>> known of this link. May be a security issue? >>> >>> Thanks & regards, >>> - Niko >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >