Re: [keycloak-dev] no empty password in UserFederationProvider

AbstractUsernameFormAuthenticator.validatePassword public boolean validatePassword(AuthenticationFlowContext context, UserModel user, MultivaluedMap<String, String> inputData) { List<UserCredentialModel> credentials =new LinkedList<>(); String password = inputData.getFirst(CredentialRepresentation.PASSWORD); if (password ==null || password.isEmpty()) { invalidPassword(context, user); return false; } credentials.add(UserCredentialModel.password(password)); boolean valid = context.getSession().users().validCredentials(context.getRealm(), user, credentials); if (!valid) { invalidPassword(context, user); return false; } return true; } I think we can remove the first if (password == null || password.isEmpty()) Am 20. November 2015 um 16:11 schrieb Bill Burke <bburke(a)redhat.com&gt;: > Point me to the code? > > On 11/20/2015 9:04 AM, Michael Gerber wrote: >> Hi All, >> >> keycloak does not pass an empty password to the validCredentials method >> in the UserFederationProvider class. >> Is there a reason for that? I would like to authenticate against an AD >> even if the password is empty, otherwise the user won't be blocked after >> x attempts. >> >> Michael >> >> >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-dev