Another helpful element in order to reproduce this use case is that this behaviour occurs only when I set my CustomUserFederation Provider...
Now I'd like to know:
What is the right value the UserModel validateAndProxy(RealmModel realm, UserModel local) of UserFederationProvider has to return when:
1) user is present on my custom db but password is wrong
2) user doesn't exist

Maybe the problem could be there.
Thanks



On Wednesday, 18 November 2015 14:09, alex orl <alex_orl1079@yahoo.it> wrote:


Working on the 1.5.0 Keycloak final version I caught a bug related to consecutive logins.
My use case was:

Configuration:
1) I've created a new realm, say "TestRealm"
2) I've created 1 role: "testRole"
3) I've created 2 users: "userTest1" and "userTest2"
4) In the role mapping tab of each user I've assigned "testRole" to both of them
5) In the credential tab of each user I've changed their pwd

Use case:
1) I try to access the account application from: https://localhost:8444/auth/realms/TestRealm/account/
2) I insert username: userTest1
                pwd: (a wrong password)

Login page displays a tooltip saying "invalid username or password"

3) Without any page refresh I try to log in again with the second user:
             username: userTest2:
             pwd: (whatever right or wrong password)

Keycloak catches an exception:
The page displays:
                                We're sorry ...
                                Invalid username or password.
                                 << Back to Application


Now I'm testing Keycloak 1.6.1 final.

I realize that the bug is solved, but only when using the standard org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.

Making reference to chapter 33 of the Keycloak 1.6.1 reference guide, I developed my custom Authenticator. As a proof of concept I simply copied the UserPasswordForm code, implementing a CustomUserPasswordForm.
I've implemented CustomUserPasswordFormFactory.
I tested the previous use case again in debug mode and I caught the same error again as in the 1.5.0 version.

In particular I realize that on the second login attempt the execution flow starts from the UserFederationManager.validateAndProxyUser(RealmModel realm, UserModel user) method
when the right flow should begin from the action method of my CustomUserPasswordForm.
Was this use case missed? Or am I doing something wrong?
Thanks a lot.