[keycloak-dev] AbstractUsernameFormAuthenticator validateUserAndPassword process

Ariel Carrera carreraariel at gmail.com
Wed Mar 30 11:40:10 EDT 2016


Hi, I am developing a Federation Provider, and I have a question...

Why does the method () check if the user "is enabled" after validating the
password instead of before the password validation?

AbstractUsernameFormAuthenticator.validateUserAndPassword: line 141/151
...
        if (invalidUser(context, user)){
            return false;
        }

*        if (!validatePassword(context, user, inputData)){*
*            return false;*
*        }*

*        if(!enabledUser(context, user)){*
*            return false;*
*        }*
...

If the user is disabled... why validate his password and return a password
validation error message?

-- 
Ariel Carrera
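
The two check orders discussed in this message can be compared side by side. The following Java sketch is an added example, not part of the original message and not Keycloak's code; the user store, the `Result` enum and all method names are hypothetical, and it only shows which failure each order reports to the caller.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

// Added illustration: a simplified model, not Keycloak's AbstractUsernameFormAuthenticator.
public class CheckOrderDemo {
    enum Result { OK, INVALID_USER, INVALID_PASSWORD, ACCOUNT_DISABLED }

    // Hypothetical user record (constructed sample data; a real store holds password hashes).
    record User(String password, boolean enabled) {}

    static final Map<String, User> USERS = Map.of(
        "alice", new User("correct-horse", true),
        "bob",   new User("battery-staple", false));   // bob is disabled

    // Constant-time comparison so the check itself does not leak timing.
    static boolean matches(User u, String supplied) {
        return MessageDigest.isEqual(u.password().getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    // Order quoted in the message: user lookup, then password, then enabled.
    static Result passwordThenEnabled(String name, String password) {
        User u = USERS.get(name);
        if (u == null) return Result.INVALID_USER;
        if (!matches(u, password)) return Result.INVALID_PASSWORD;
        if (!u.enabled()) return Result.ACCOUNT_DISABLED;
        return Result.OK;
    }

    // Order the message asks about: enabled before password.
    static Result enabledThenPassword(String name, String password) {
        User u = USERS.get(name);
        if (u == null) return Result.INVALID_USER;
        if (!u.enabled()) return Result.ACCOUNT_DISABLED;
        if (!matches(u, password)) return Result.INVALID_PASSWORD;
        return Result.OK;
    }

    public static void main(String[] args) {
        String[][] attempts = {
            {"bob", "wrong-guess"},     // disabled account, caller does not know the password
            {"bob", "battery-staple"},  // disabled account, correct password
            {"alice", "wrong-guess"},   // enabled account, wrong password
        };
        for (String[] a : attempts)
            System.out.printf("%-6s %-15s password-first=%-17s enabled-first=%s%n",
                a[0], a[1], passwordThenEnabled(a[0], a[1]), enabledThenPassword(a[0], a[1]));
    }
}
```

With the password-first order, a caller who does not know bob's password gets `INVALID_PASSWORD`, the same result as for an enabled account; with the enabled-first order the same caller gets `ACCOUNT_DISABLED`.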