When connected to LDAP in user federation, the only error message showing in login failure is "invalid username or password" in all different scenarios #48665
Unanswered
arunvk-crypto
asked this question in
Q&A
Not releasing information about users and only displaying a generic "invalid username or password" is good practice in order to limit account enumeration attacks. I don't think Keycloak has custom messages for the cases you have mentioned; for LDAP, Keycloak would additionally require checking specific LDAP flags / attributes, as authentication is usually done through a simple "bind" operation with the username and password, and the server will likely just return a failure status, without flagging a specific reason.
If the AD account of a web user requires them to reset their password, or the AD user is disabled, in all these scenarios the login with Keycloak will have to fail when using LDAP authentication. The login is failing, but in all these cases the error message shown is "invalid username or password". Is it possible to show an error message more specific to the situation from Keycloak?
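An added example, not part of the thread and not Keycloak's code: one way to reconcile the question and the reply is to keep the generic message for the user while recording the specific reason server-side. It assumes the directory is Active Directory, which appends a hex sub-code (`data NNN`) to the diagnostic text of a failed bind; the function names and the sample diagnostics are constructed for illustration.

```python
import re

# Active Directory appends a hex sub-code ("data NNN") to the diagnostic
# message of a failed bind (LDAP result code 49, invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user_not_found",
    "52e": "invalid_credentials",
    "530": "logon_time_restriction",
    "531": "workstation_restriction",
    "532": "password_expired",
    "533": "account_disabled",
    "701": "account_expired",
    "773": "password_must_change",
    "775": "account_locked",
}

GENERIC_MESSAGE = "Invalid username or password."
_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")


def classify_bind_failure(diagnostic):
    """Return an internal reason for a failed bind; never shown to the user."""
    match = _DATA_RE.search(diagnostic or "")
    if not match:
        return "unknown"  # other LDAP servers often give no sub-code at all
    return AD_BIND_SUBCODES.get(match.group(1).lower(), "unknown")


def handle_failed_login(username, diagnostic, audit_log):
    """Record the specific reason server-side, return only the generic text."""
    reason = classify_bind_failure(diagnostic)
    audit_log.append({"user": username, "reason": reason})
    return GENERIC_MESSAGE


# Constructed sample diagnostics (DSID and version fields are placeholders).
_PREFIX = "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, "
SAMPLES = [
    ("alice", _PREFIX + "data 533, v0000"),   # disabled account
    ("bob", _PREFIX + "data 773, v0000"),     # must reset password
    ("carol", _PREFIX + "data 52e, v0000"),   # wrong password
    ("dave", "Invalid Credentials"),          # server gave no sub-code
]

if __name__ == "__main__":
    log = []
    for user, diag in SAMPLES:
        print(handle_failed_login(user, diag, log))
    print(log)
```

The audit entries give administrators and help-desk staff the specific cause, while every caller of the login form sees the same text regardless of account state.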