[keycloak-user] Resetting password
JAYAPRIYA ATHEESAN
jayapriya.atheesan at gmail.com
Wed May 25 04:02:55 EDT 2016
OK.. Thanks a lot..
Thanks,
Jayapriya Atheesan
From: Stian Thorgersen [mailto:sthorger at redhat.com]
Sent: Wednesday, May 25, 2016 12:00 PM
To: Thomas Raehalme
Cc: Jayapriya Atheesan; keycloak-user
Subject: Re: [keycloak-user] Resetting password
Yep, the result to the user is the same regardless if a user with the email exist. Same with the login screen it display invalid username or password, not just invalid username.
On 24 May 2016 at 14:36, Thomas Raehalme <thomas.raehalme at aitiofinland.com> wrote:
Hi!
For security reasons I don't think Keycloak should reveal whether or not the account exists. Instead the message shown to the user in response should be something like "If the email address was found, you should soon receive further instructions."
Best regards,
Thomas
On Tue, May 24, 2016 at 3:02 PM, Jayapriya Atheesan <jayapriya.atheesan at gmail.com> wrote:
Hi All,
Any help would be appreciated.
Thanks,
Jayapriya Atheesan
On Mon, May 23, 2016 at 12:10 PM, JAYAPRIYA ATHEESAN <jayapriya.atheesan at gmail.com> wrote:
Hi,
When a user clicks on reset password/forget password and enters an email id which is not registered with keycloak, it does not show any error.
Is there any option to give an error message to the user saying “email id doesn’t exist”.
Note : We are using keycloak 1.6.0Final.
Thanks,
Jayapriya Atheesan
--
Regards,
Jayapriya Atheesan
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160525/e4344590/attachment.html
More information about the keycloak-user
mailing list