[keycloak-user] Resetting password
Thomas Raehalme
thomas.raehalme at aitiofinland.com
Tue May 24 08:36:54 EDT 2016
Hi!
For security reasons I don't think Keycloak should reveal whether or not
the account exists. Instead the message shown to the user in response
should be something like "If the email address was found, you should soon
receive further instructions."
Best regards,
Thomas
On Tue, May 24, 2016 at 3:02 PM, Jayapriya Atheesan <
jayapriya.atheesan at gmail.com> wrote:
> Hi All,
>
> Any help would be appreciated.
>
> Thanks,
> Jayapriya Atheesan
>
> On Mon, May 23, 2016 at 12:10 PM, JAYAPRIYA ATHEESAN <
> jayapriya.atheesan at gmail.com> wrote:
>
>> Hi,
>>
>>
>>
>> When a user clicks on reset password/forget password and enters an email
>> id which is not registered with keycloak, it does not show any error.
>>
>> Is there any option to give an error message to the user saying “email id
>> doesn’t exist”.
>>
>> Note : We are using keycloak 1.6.0Final.
>>
>>
>>
>> Thanks,
>>
>> Jayapriya Atheesan
>>
>>
>>
>
>
>
> --
> *Regards,*
> Jayapriya Atheesan
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160524/14ebf058/attachment.html
More information about the keycloak-user
mailing list