[keycloak-user] Authentication flow wrong behaviour using custom Authenticator Implementation

Bill Burke bburke at redhat.com
Wed Nov 18 10:03:08 EST 2015


Try getting the Authenticator to work without the federation provider 
first, then work from there.  Isolate the problem.

On 11/18/2015 9:52 AM, alex orl wrote:
> Another helpful element in order to reproduce this use case is that this
> behaviour occurs only when I set my CustomUserFederation Provider...
> Now I'd like to know:
> What is the right value the UserModel validateAndProxy(RealmModel realm,
> UserModel local) of UserFederationProvider has to return when:
> 1) user is present on my custom db but password is wrong
> 2) user doesn't exist
>
> Maybe the problem could be there.
> Thanks
>
>
>
> On Wednesday, 18 November 2015 14:09, alex orl <alex_orl1079 at yahoo.it>
> wrote:
>
>
> Working on the Keycloak 1.5.0 final version, I caught a bug related to
> consecutive logins.
> My use case was:
>
> Configuration:
> 1) I've created a new realm, say "TestRealm"
> 2) I've created 1 role: "testRole"
> 3) I've created 2 users: "userTest1" and "userTest2"
> 4) In the role mapping tab of each user I've assigned "testRole" to both
> of them
> 5) In the credential tab of each user I've changed their pwd
>
> Use case:
> 1) I try to access the account application from:
> https://localhost:8444/auth/realms/TestRealm/account/
> <https://localhost:8444/auth/realms/PROVA/account/>
> 2) I insert username: userTest1
>                  pwd: (a wrong password)
>
> Login page displays a tooltip saying "invalid username or password"
>
> 3) Without any page refreshing I try to login again with second user:
>               username: userTest2:
>               pwd: (whatever right or wrong password)
>
> Keycloak catches an exception:
> The page displays:
>                                  We're sorry ...
>                                  Invalid username or password.
>                                   << Back to Application
>
>
> Now I'm testing Keycloak 1.6.1 final.
>
> I realize that bug is solved but only using the
> standard org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.
>
> Making reference to chapter 33 of the Keycloak 1.6.1 reference guide, I
> developed my custom Authenticator. As a proof of concept I simply copied
> the UserPasswordForm code, implementing a CustomUserPasswordForm.
> I've implemented CustomUserPasswordFormFactory.
> I tested the previous use case again in debug mode and I caught
> the same error again as in the 1.5.0 version.
>
> In particular I realize that on the second login attempt the execution
> flow starts from the:
> UserFederationManager.validateAndProxyUser(RealmModel realm, UserModel
> user) method
> when the right flow should begin from the action method of my
> CustomUserPasswordForm.
> Was this use case missed? Or am I doing something wrong?
> Thanks a lot.
>
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

