[keycloak-user] Resetting password

Stian Thorgersen sthorger at redhat.com
Wed May 25 02:29:48 EDT 2016


Yep, the result to the user is the same regardless if a user with the email
exist. Same with the login screen it display invalid username or password,
not just invalid username.

On 24 May 2016 at 14:36, Thomas Raehalme <thomas.raehalme at aitiofinland.com>
wrote:

> Hi!
>
> For security reasons I don't think Keycloak should reveal whether or not
> the account exists. Instead the message shown to the user in response
> should be something like "If the email address was found, you should soon
> receive further instructions."
>
> Best regards,
> Thomas
>
>
> On Tue, May 24, 2016 at 3:02 PM, Jayapriya Atheesan <
> jayapriya.atheesan at gmail.com> wrote:
>
>> Hi All,
>>
>> Any help would be appreciated.
>>
>> Thanks,
>> Jayapriya Atheesan
>>
>> On Mon, May 23, 2016 at 12:10 PM, JAYAPRIYA ATHEESAN <
>> jayapriya.atheesan at gmail.com> wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> When a user clicks on reset password/forget password and enters an email
>>> id which is not registered with keycloak, it does not show any error.
>>>
>>> Is there any option to give an error message to the user saying “email
>>> id doesn’t exist”.
>>>
>>> Note : We are using keycloak 1.6.0Final.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Jayapriya Atheesan
>>>
>>>
>>>
>>
>>
>>
>> --
>> *Regards,*
>> Jayapriya Atheesan
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160525/4721bf34/attachment-0001.html 


More information about the keycloak-user mailing list