/**
 * Forwards a user-cache notification to the two cache-aware collaborators.
 *
 * <p>The delegate returned by {@code getDelegate()} is notified first, then the
 * session's credential manager. Both are cast to {@link OnUserCache} without an
 * {@code instanceof} check, so a collaborator that does not implement that
 * interface fails here with a {@link ClassCastException}.
 *
 * @param realm    realm passed through unchanged to both listeners
 * @param adapter  cached user adapter passed through unchanged to both listeners
 * @param delegate underlying user model passed through unchanged to both listeners
 */
private void onCache(RealmModel realm, UserAdapter adapter, UserModel delegate) {
    final OnUserCache delegateListener = (OnUserCache) getDelegate();
    delegateListener.onCache(realm, adapter, delegate);

    final OnUserCache credentialListener = (OnUserCache) session.userCredentialManager();
    credentialListener.onCache(realm, adapter, delegate);
}
/**
 * Checks a password credential for a user that has no password configured locally.
 *
 * <p>Anything that is not a {@link UserCredentialModel}, is not of type
 * {@code UserCredentialModel.PASSWORD}, or belongs to a user whose password is
 * configured locally is rejected. Only the remaining case reaches
 * {@code validPassword}.
 *
 * @param realm realm the user belongs to
 * @param user  user whose password is being checked
 * @param input credential supplied by the caller
 * @return the result of {@code validPassword} for an eligible password credential,
 *         {@code false} in every other case
 */
@Override
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
    if (!(input instanceof UserCredentialModel)) {
        return false;
    }

    final boolean isPasswordType = input.getType().equals(UserCredentialModel.PASSWORD);
    if (!isPasswordType) {
        return false; // invalid cred type
    }

    // A locally configured password is not this validator's to check.
    final boolean configuredLocally =
            session.userCredentialManager().isConfiguredLocally(realm, user, UserCredentialModel.PASSWORD);
    if (configuredLocally) {
        return false;
    }

    // NOTE(review): the value is handed over unchecked; validPassword is not shown here, so
    // confirm it rejects a null or empty password rather than passing it to the backing store.
    final String username = user.getUsername();
    final String secret = ((UserCredentialModel) input).getValue();
    return validPassword(username, secret);
}
/**
 * Validates the submitted password and records the outcome on the authentication flow context.
 *
 * <p>This override exists so that the result of the password check is carried into the
 * authentication flow context.
 *
 * <p>TODO: Discuss the issue with the Keycloak development team and send a patch.
 *
 * @param context   flow context that receives the event, the failure challenge and the session secret
 * @param user      user whose password is checked
 * @param inputData submitted form parameters; the password is read from
 *                  {@code CredentialRepresentation.PASSWORD}
 * @return {@code true} when the password is non-empty and the credential manager accepts it,
 *         {@code false} otherwise
 */
@Override
public boolean validatePassword(AuthenticationFlowContext context, UserModel user,
        MultivaluedMap<String, String> inputData) {
    final String password = inputData.getFirst(CredentialRepresentation.PASSWORD);

    // Patched
    final PasswordUserCredentialModel credentialModel = UserCredentialModel.password(password);
    AuthenticatorUtil.readScope(context)
            .ifPresent(scope -> credentialModel.setNote(Constants.CUSTOM_SCOPE_NOTE_KEY, scope));

    final List<CredentialInput> credentials = new LinkedList<>();
    credentials.add(credentialModel);

    // A missing or empty password short-circuits here and never reaches the credential manager.
    final boolean accepted = password != null
            && !password.isEmpty()
            && context.getSession().userCredentialManager().isValid(context.getRealm(), user, credentials);

    if (!accepted) {
        // Failure path: log the event against the user, answer with the invalid-credentials
        // challenge and drop the user from the context.
        context.getEvent().user(user);
        context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
        final Response challengeResponse = invalidCredentials(context);
        context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
        context.clearUser();
        return false;
    }

    // NOTE(review): credentialModel was built from the submitted password and is handed to a
    // helper that is not shown here; confirm that what ends up in the user session is a derived
    // secret and not the cleartext password.
    AuthenticatorUtil.addMainSecretToUserSession(userSecretAdapter, context, user, credentialModel);
    return true;
}
} // closes the enclosing type, whose header is outside this excerpt
// Excerpt of a password check; the statement run is cut off before its closing braces.
// Nothing below runs when the user lookup returned null.
if (user != null) {
    // The credential is built by createServiceAccountUserCredential (not shown) when the user's
    // first "authenticationType" attribute equals "serviceaccount", otherwise as a plain password
    // credential.
    // NOTE(review): the validation path is selected by a user attribute; confirm that users
    // cannot edit this attribute on their own account.
    UserCredentialModel credentialModel = "serviceaccount".equals(user.getFirstAttribute("authenticationType"))
            ? createServiceAccountUserCredential(password)
            : UserCredentialModel.password(password);
    if (keycloakSession.userCredentialManager().isValid(realm, user, credentialModel)) {
        // On success, capture the user's id, username and the set of group names.
        authenticatedUser = new UserDataImpl(user.getId(), user.getUsername(), user.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet()));
        // NOTE(review): the initial value of `authenticated` and the failure branches are outside
        // this excerpt; confirm the flag stays false on every other path.
        authenticated = true;
/**
 * Validates the credential built by {@code passwordAndScope} for the user already set on the
 * context and completes or fails the flow accordingly.
 *
 * <p>On success the main secret is added to the user session and the flow is marked successful.
 * On failure the event is logged against the user and the flow fails with a 401
 * {@code invalid_grant} response.
 *
 * <p>NOTE(review): the failure is reported as {@code AuthenticationFlowError.INVALID_USER} although
 * it is the credential check that failed; confirm this is intended. No null/empty password guard
 * is visible in this method, so confirm {@code passwordAndScope} or the credential manager
 * rejects such input.
 *
 * @param context flow context supplying the session, realm and user, and receiving the result
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    final UserCredentialModel credentialModel = passwordAndScope(context);
    final CredentialInput[] supplied = { credentialModel };

    final boolean accepted = context.getSession().userCredentialManager()
            .isValid(context.getRealm(), context.getUser(), supplied);

    if (accepted) {
        AuthenticatorUtil.addMainSecretToUserSession(userSecretAdapter, context, context.getUser(), credentialModel);
        context.success();
        return;
    }

    // Rejected: record the failed attempt and answer with an OAuth-style error body.
    context.getEvent().user(context.getUser());
    context.getEvent().error("invalid_user_credentials");
    final Response challengeResponse =
            this.errorResponse(Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials");
    context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
}