AbstractUsernameFormAuthenticator.validatePassword
public boolean validatePassword(AuthenticationFlowContext context, UserModel user, MultivaluedMap<String, String> inputData) { List<UserCredentialModel> credentials = new LinkedList<>(); String password = inputData.getFirst(CredentialRepresentation.PASSWORD); if (password == null || password.isEmpty()) { invalidPassword(context, user); return false; } credentials.add(UserCredentialModel.password(password)); boolean valid = context.getSession().users().validCredentials(context.getRealm(), user, credentials); if (!valid) { invalidPassword(context, user); return false; } return true; }I think we can remove the first if (password == null || password.isEmpty())Point me to the code?
On 11/20/2015 9:04 AM, Michael Gerber wrote:
Hi All,
keycloak does not pass an empty password to the validCredentials methodin the UserFederationProvider class.Is there a reason for that? I would like to authenticate against an ADeven if the password is empty, otherwise the user won't be blocked afterx attempts.
Michael
_______________________________________________keycloak-dev mailing listkeycloak-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________ keycloak-dev mailing list keycloak-dev@lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev