Try getting the Authenticator to work without the federation provider
first, then work from there. Isolate the problem.
On 11/18/2015 9:52 AM, alex orl wrote:
Another helpulf element in order to reproduce this use case is that
this
behaviour occurs only when i set my CustomUserFederation Provider...
Now i d like to know:
What is the right value the UserModel validateAndProxy(RealmModel realm,
UserModel local) of UserFederationProvider has to return when:
1) user is present on my custom db but password is wrong
2) user doesn't exist
Maybe the problem could be there.
Thanks
Il Mercoledì 18 Novembre 2015 14:09, alex orl <alex_orl1079(a)yahoo.it> ha
scritto:
Working on 1.5.0 keycloak final version i catched a bug related to
consecutive logins.
My use case was:
Configuration:
1) I've created a new realm, say "TestRealm"
2) I've created 1 role: "testRole"
3) I've created 2 users: "userTest1" and "userTest2"
4) In the role mapping tab of each user i've assigned "testRole" to both
of them
5) In the credential tab of each user i've changed their pwd
Use case:
1) I try to access the account application from:
https://localhost:8444/auth/realms/TestRealm/account/
<
https://localhost:8444/auth/realms/PROVA/account/>
2) I insert username: userTest1
pwd: (a wrong password)
Login page displays a tooltip saying "invalid username or password"
3) Withouth any page refreshing i try to login again with second user:
username: userTest2:
pwd: (whatever right or wrong password)
Keycloak catch an exception:
The page displays:
We're sorry ...
Invalid username or password.
<< Back to Application
Now i'm testing keycloak 1.6.1 final.
I realize that bug is solved but only using the
standard org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.
Making Reference to chapter 33 of keycloak 1.6.1 reference guide, i
developed my custom Authenticator. As Proof of Concepts i simply copied
the UserPassworfForm code implementing a CustomUserPasswordForm.
I ve implemented CustomUserPasswordFormFactory.
I tested again the previous use case in debug mode and i catched again
the same error as in the 1.5.0 version.
In particular i realize that on the second login attempt the execution
flow starts from the:
UserFederationManager. validateAndProxyUser(RealmModel realm, UserModel
user) method
when the right flow should begin from the action method of my
CustomUserPasswordForm.
Was this use case missed? Or am i doing something wrong?
Thanks a lot.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com