<html><body><div>AbstractUsernameFormAuthenticator.validatePassword</div><div><br data-mce-bogus="1"></div><div><pre style="background-color: #2b2b2b; color: #a9b7c6; font-family: 'Courier New'; font-size: 9.0pt;" data-mce-style="background-color: #2b2b2b; color: #a9b7c6; font-family: 'Courier New'; font-size: 9.0pt;"><span style="color: #cc7832;" data-mce-style="color: #cc7832;">public boolean </span><span style="background-color: #344134;" data-mce-style="background-color: #344134;">validatePassword</span>(AuthenticationFlowContext context<span style="color: #cc7832;" data-mce-style="color: #cc7832;">, </span>UserModel user<span style="color: #cc7832;" data-mce-style="color: #cc7832;">, </span>MultivaluedMap<String<span style="color: #cc7832;" data-mce-style="color: #cc7832;">, </span>String> inputData) {<br> List<UserCredentialModel> credentials = <span style="color: #cc7832;" data-mce-style="color: #cc7832;">new </span>LinkedList<>()<span style="color: #cc7832;" data-mce-style="color: #cc7832;">;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> </span>String password = inputData.getFirst(CredentialRepresentation.<span style="color: #9876aa; font-style: italic;" data-mce-style="color: #9876aa; font-style: italic;">PASSWORD</span>)<span style="color: #cc7832;" data-mce-style="color: #cc7832;">;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> if </span>(password == <span style="color: #cc7832;" data-mce-style="color: #cc7832;">null </span>|| password.isEmpty()) {<br> invalidPassword(context<span style="color: #cc7832;" data-mce-style="color: #cc7832;">, </span>user)<span style="color: #cc7832;" data-mce-style="color: #cc7832;">;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> return false;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> </span>}<br> credentials.add(UserCredentialModel.<span style="font-style: italic;" data-mce-style="font-style: 
italic;">password</span>(password))<span style="color: #cc7832;" data-mce-style="color: #cc7832;">;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> boolean </span>valid = context.getSession().users().validCredentials(context.getRealm()<span style="color: #cc7832;" data-mce-style="color: #cc7832;">, </span>user<span style="color: #cc7832;" data-mce-style="color: #cc7832;">, </span>credentials)<span style="color: #cc7832;" data-mce-style="color: #cc7832;">;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> if </span>(!valid) {<br> invalidPassword(context<span style="color: #cc7832;" data-mce-style="color: #cc7832;">, </span>user)<span style="color: #cc7832;" data-mce-style="color: #cc7832;">;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> return false;<br></span><span style="color: #cc7832;" data-mce-style="color: #cc7832;"> </span>}<br> <span style="color: #cc7832;" data-mce-style="color: #cc7832;">return true;<br></span>}</pre></div><div></div><div>I think we can remove the first if (password == null || password.isEmpty())</div><div><br>On 20 November 2015 at 16:11, Bill Burke &lt;bburke@redhat.com&gt; wrote:<br><br></div><div><blockquote type="cite"><div class="msg-quote"><div class="_stretch"><span class="body-text-content">Point me to the code?<br><br>On 11/20/2015 9:04 AM, Michael Gerber wrote:<br><blockquote type="cite" class="quoted-plain-text">Hi All,</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">Keycloak does not pass an empty password to the validCredentials method</blockquote><blockquote type="cite" class="quoted-plain-text">in the UserFederationProvider class.</blockquote><blockquote type="cite" class="quoted-plain-text">Is there a reason for that? 
I would like to authenticate against an AD</blockquote><blockquote type="cite" class="quoted-plain-text">even if the password is empty, otherwise the user won't be blocked after</blockquote><blockquote type="cite" class="quoted-plain-text">x attempts.</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">Michael</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">_______________________________________________</blockquote><blockquote type="cite" class="quoted-plain-text">keycloak-dev mailing list</blockquote><blockquote type="cite" class="quoted-plain-text"><a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote><blockquote type="cite" class="quoted-plain-text"><a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" data-mce-href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><br>-- <br>Bill Burke<br>JBoss, a division of Red Hat<br><a href="http://bill.burkecentral.com" data-mce-href="http://bill.burkecentral.com">http://bill.burkecentral.com</a><br></span></div></div></blockquote></div></body></html>