[keycloak-user] Authentication flow wrong behaviour using custom Authenticator Implementation
alex orl
alex_orl1079 at yahoo.it
Wed Nov 18 09:52:34 EST 2015
Another helpful element in order to reproduce this use case is that this behaviour occurs only when I set my CustomUserFederation Provider...
Now I'd like to know: what is the right value the UserModel validateAndProxy(RealmModel realm, UserModel local) method of UserFederationProvider has to return when:
1) the user is present on my custom DB but the password is wrong
2) the user doesn't exist
Maybe the problem could be there. Thanks
On Wednesday 18 November 2015 14:09, alex orl <alex_orl1079 at yahoo.it> wrote:
Working on the 1.5.0 Keycloak final version I caught a bug related to consecutive logins. My use case was:
Configuration:
1) I've created a new realm, say "TestRealm"
2) I've created 1 role: "testRole"
3) I've created 2 users: "userTest1" and "userTest2"
4) In the role mapping tab of each user I've assigned "testRole" to both of them
5) In the credential tab of each user I've changed their password
Use case:
1) I try to access the account application from: https://localhost:8444/auth/realms/TestRealm/account/
2) I insert username: userTest1, password: (a wrong password)
Login page displays a tooltip saying "invalid username or password"
3) Without any page refresh I try to login again with the second user: username: userTest2, password: (whatever, right or wrong password)
Keycloak catches an exception. The page displays: We're sorry ... Invalid username or password. << Back to Application
Now I'm testing Keycloak 1.6.1 final.
I realize that the bug is solved, but only when using the standard org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.
Making reference to chapter 33 of the Keycloak 1.6.1 reference guide, I developed my custom Authenticator. As a proof of concept I simply copied the UsernamePasswordForm code, implementing a CustomUserPasswordForm. I've implemented CustomUserPasswordFormFactory. I tested the previous use case again in debug mode and caught the same error again as in the 1.5.0 version.
In particular I realize that on the second login attempt the execution flow starts from the UserFederationManager.validateAndProxyUser(RealmModel realm, UserModel user) method, when the right flow should begin from the action method of my CustomUserPasswordForm. Was this use case missed? Or am I doing something wrong? Thanks a lot.