User feedback on the Forgot Password page about the existence of a user

Can the “Forgot Password” page be configured in such a way that the user receives feedback as to whether a username / email address has been entered that belongs to an existing account in the keycloak realm?

The default behavior seems to be to show the following green message no matter what is entered in the input field:


I am aware that you may not want to have this behavior for security reasons. But is it still possible to configure?

You would have to customize the Authenticator in the “Reset Credentials” flow, but yes, you could do this. Looks like the email gets sent and the message gets set here: keycloak/ at main · keycloak/keycloak · GitHub