[keycloak-user] Authentication flow wrong behaviour using custom Authenticator Implementation

alex orl alex_orl1079 at yahoo.it
Wed Nov 18 08:09:57 EST 2015


Working on Keycloak 1.5.0 Final, I caught a bug related to consecutive logins. My use case was:

Configuration:
1) I've created a new realm, say "TestRealm"
2) I've created 1 role: "testRole"
3) I've created 2 users: "userTest1" and "userTest2"
4) In the role mapping tab of each user I've assigned "testRole" to both of them
5) In the credential tab of each user I've changed their pwd

Use case:
1) I try to access the account application from: https://localhost:8444/auth/realms/TestRealm/account/
2) I insert username: userTest1
            pwd: (a wrong password)
   Login page displays a tooltip saying "invalid username or password"
3) Without any page refresh I try to log in again with the second user:
            username: userTest2
            pwd: (whatever, right or wrong password)
   Keycloak catches an exception. The page displays:
            We're sorry ...
            Invalid username or password.
            << Back to Application

Now I'm testing Keycloak 1.6.1 Final.
I realize that the bug is solved, but only when using the standard org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.

Referring to chapter 33 of the Keycloak 1.6.1 reference guide, I developed my custom Authenticator. As a proof of concept I simply copied the UserPasswordForm code, implementing a CustomUserPasswordForm. I've implemented CustomUserPasswordFormFactory. I tested the previous use case again in debug mode and I caught the same error again as in the 1.5.0 version.

In particular, I realize that on the second login attempt the execution flow starts from the UserFederationManager.validateAndProxyUser(RealmModel realm, UserModel user) method, when the right flow should begin from the action method of my CustomUserPasswordForm.

Was this use case missed? Or am I doing something wrong?

Thanks a lot.
