[keycloak-user] Login user action lifespan

Stian Thorgersen stian at redhat.com
Thu Jul 16 08:00:15 EDT 2015


That's definitely not correct behavior. What version are you on? Can you give me exact steps to reproduce?

----- Original Message -----
> From: "Niko Köbler" <niko at n-k.de>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Thursday, 16 July, 2015 1:58:21 PM
> Subject: Re: [keycloak-user] Login user action lifespan
> 
> It is valid.
> I can change my password again and again…
> 
> 
> > On 16.07.2015 at 13:49, Stian Thorgersen <stian at redhat.com> wrote:
> > 
> > Does it seem that it is valid, or is it valid? It should only be usable
> > once.
> > 
> > ----- Original Message -----
> >> From: "Niko Köbler" <niko at n-k.de>
> >> To: keycloak-user at lists.jboss.org
> >> Sent: Thursday, 16 July, 2015 1:45:43 PM
> >> Subject: [keycloak-user] Login user action lifespan
> >> 
> >> Hi,
> >> 
> >> you can set the „login user action lifespan“ in realm settings for the time
> >> the link is valid for a user to set a password (or other tasks).
> >> This link seems to be valid and working even if the user has clicked on it
> >> and has done the tasks.
> >> 
> >> Is it possible to configure this link to be valid only once during its
> >> lifespan? Or at least to be invalid as soon as the user has set his
> >> password/done the login actions?
> >> Otherwise this link could be used to change the password again, after the
> >> user has already set his password - possibly from third persons who got
> >> known of this link. May be a security issue?
> >> 
> >> Thanks & regards,
> >> - Niko
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 


