Open
Description
This is an umbrella issue for addressing the issues related to user enumeration.
User enumeration makes it possible to figure out whether particular users exist in Keycloak, for instance by monitoring that some requests take longer for existing users than for non-existing users.
In general, the priority of username enumeration is questionable, as nowadays lots of deployments use a "Username first" approach (like the Keycloak UsernameForm authenticator), which by design allows one to see whether a particular user exists or not (and note that a similar approach is, for instance, used by Google by default as well). However, for some deployments, this could be a concern.
### Tasks
- [ ] #12298
- [ ] #26625
- [ ] https://github.com/keycloak/keycloak/issues/37229
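
The timing difference described above, and one common way to remove it, as an added example (not Keycloak code and not taken from this issue). The user store, function names and iteration count are assumptions made for the illustration; the KDF call counter stands in for wall-clock time so the equal-work property can be checked deterministically.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # constructed value for this example only
kdf_calls = 0         # instrumentation: counts expensive hash computations


def _hash(password: str, salt: bytes) -> bytes:
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample data (hypothetical user store).
USERS = {"alice": make_record("correct horse")}
# Dummy credential with the same KDF parameters and a random, unknown password.
DUMMY = make_record(os.urandom(32).hex())


def login_leaky(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        return False  # returns before the KDF runs: unknown users answer faster
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])


def login_uniform(username: str, password: str) -> bool:
    rec = USERS.get(username)
    found = rec is not None
    # Unknown user: still pay for one KDF run, against the dummy credential.
    candidate = _hash(password, (rec or DUMMY)["salt"])
    matches = hmac.compare_digest(candidate, (rec or DUMMY)["hash"])
    return matches and found


def kdf_cost(fn, username: str, password: str) -> int:
    """Number of KDF runs a single login attempt triggers."""
    before = kdf_calls
    fn(username, password)
    return kdf_calls - before
```

Equalizing the hashing work only helps if the failure response (status, message, redirects) is also identical for both cases.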