public boolean validatePassword(AuthenticationFlowContext context, UserModel user, MultivaluedMap<String, String> inputData) {
List<UserCredentialModel> credentials = new LinkedList<>();
String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
if (password == null || password.isEmpty()) {
invalidPassword(context, user);
return false;
}
credentials.add(UserCredentialModel.password(password));
boolean valid = context.getSession().users().validCredentials(context.getRealm(), user, credentials);
if (!valid) {
invalidPassword(context, user);
return false;
}
return true;
}
Point me to the code?
On 11/20/2015 9:04 AM, Michael Gerber wrote:Hi All,keycloak does not pass an empty password to the validCredentials methodin the UserFederationProvider class.Is there a reason for that? I would like to authenticate against an ADeven if the password is empty, otherwise the user won't be blocked afterx attempts.Michael_______________________________________________keycloak-dev mailing listkeycloak-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev