How to disable disableCheckUsername in Portal

Document ID:  TEC1592122
Last Modified Date:  06/19/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details


  • CA API Developer Portal


  • CA API Developer Portal:Release:3.5



Any person who got access to portal URL can collect data regarding portal users. 

Without any credentials, an attaker can use /register/check/username API, that returns 

"The name seenu is already in use, please choose something else" 

in case when use is already exists. 


Use the GUI to edit the file. 

1. In a browser use http://<portal>/admin (login using admin account) 

2. click on workspace --> Content items --> System --> conf 

3. Choose the edit button next to properties.xml 

4. Change <Property name="disableCheckUsername" value="no" /> 


<Property name="disableCheckUsername" value="yes" /> 

5. Choose Save 

6. To publish this file, click on the green arrow next to properties.xml 

7. restart portal (service apiportal restart) 

Now check http://<portal>/register/check/username?username=admin 

This will throw a page cannot be displayed error.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255


Not what you were looking for?

Search Again >

Product Information

Support by Product >


Join a Community >