/**
 * Builds a password credential for the given plaintext password.
 *
 * <p>Convenience overload: it forwards to {@code password(String, boolean)} with the
 * boolean argument fixed to {@code false}. The meaning of that flag is defined by the
 * two-argument overload, which is not shown here.
 *
 * @param password the plaintext password to wrap; passed through unchanged
 * @return the credential model produced by the two-argument overload
 */
public static PasswordUserCredentialModel password(String password) {
    final PasswordUserCredentialModel model = password(password, false);
    return model;
}
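/**
 * Reports whether {@code password} is a valid password for {@code userName} in {@code realmName}.
 *
 * <p>Returns {@code false} when the realm or the user cannot be found, so an unknown realm,
 * an unknown user and a wrong password are indistinguishable to the caller.
 *
 * <p>NOTE(review): the password is read from the query string of a GET request. Query strings
 * are routinely recorded in access logs, proxy logs and browser history, so this endpoint
 * should only be reachable in test or otherwise non-production deployments. The route and
 * parameter names are kept as they are for existing callers.
 *
 * <p>NOTE(review): no caller authentication, authorization or attempt limiting is visible in
 * this method. Confirm the enclosing resource enforces them; otherwise the boolean result can
 * be used to check password guesses.
 *
 * @param realmName name of the realm to look the user up in
 * @param userName  username to check
 * @param password  plaintext password to validate
 * @return {@code true} only if the realm and user exist and the user provider accepts the password
 */
@GET
@Path("/valid-credentials")
@Produces(MediaType.APPLICATION_JSON)
public boolean validCredentials(@QueryParam("realmName") String realmName,
                                @QueryParam("userName") String userName,
                                @QueryParam("password") String password) {
    RealmModel realm = session.realms().getRealm(realmName);
    if (realm == null) {
        return false;
    }

    UserProvider userProvider = session.getProvider(UserProvider.class);
    UserModel user = userProvider.getUserByUsername(userName, realm);
    // Treat an unknown user like an unknown realm. Without this guard a null user is handed to
    // the provider, and a resulting error response would differ from the plain "false" returned
    // for a wrong password, revealing which usernames exist.
    if (user == null) {
        return false;
    }

    return userProvider.validCredentials(session, realm, user, UserCredentialModel.password(password));
}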
/**
 * Builds the password credential for the current authentication attempt and, when a scope
 * is available from the flow context, attaches it to the credential as a note.
 *
 * @param context the authentication flow context the password and scope are read from
 * @return a password credential, carrying the scope under
 *         {@code Constants.CUSTOM_SCOPE_NOTE_KEY} when {@code AuthenticatorUtil.readScope}
 *         yields a value
 */
private UserCredentialModel passwordAndScope(AuthenticationFlowContext context) {
    // The password is retrieved first, then the scope, as in the original statement order.
    final UserCredentialModel model = UserCredentialModel.password(this.retrievePassword(context));

    // The note is only set when a scope is present; otherwise the model is returned as built.
    AuthenticatorUtil.readScope(context)
            .ifPresent(scopeValue -> model.setNote(Constants.CUSTOM_SCOPE_NOTE_KEY, scopeValue));

    return model;
}
}
/**
 * Validates the submitted password and carries the validation result into the
 * authentication flow context.
 *
 * <p>On success the credential is handed to
 * {@code AuthenticatorUtil.addMainSecretToUserSession}. On failure (missing, empty or
 * rejected password) an {@code INVALID_USER_CREDENTIALS} event error is recorded, the
 * invalid-credentials challenge is set on the context and the user is cleared from it.
 *
 * <p>NOTE(review): this override replaces the inherited implementation rather than calling
 * it. Confirm that any checks the parent version performs (for example brute-force
 * lockout) are still applied somewhere on this path.
 *
 * <p>TODO: Discuss issue with keycloak development team and send a patch.
 *
 * @param context   the authentication flow context for this attempt
 * @param user      the user whose password is being checked
 * @param inputData submitted form data; the password is read from
 *                  {@code CredentialRepresentation.PASSWORD}
 * @return {@code true} if a non-empty password was supplied and the credential manager
 *         accepted it, {@code false} otherwise
 */
@Override
public boolean validatePassword(AuthenticationFlowContext context, UserModel user,
                                MultivaluedMap<String, String> inputData) {
    final String password = inputData.getFirst(CredentialRepresentation.PASSWORD);

    // Patched: the credential also carries the scope read from the flow context, if any.
    final PasswordUserCredentialModel credentialModel = UserCredentialModel.password(password);
    AuthenticatorUtil.readScope(context)
            .ifPresent(scopeValue -> credentialModel.setNote(Constants.CUSTOM_SCOPE_NOTE_KEY, scopeValue));

    final List<CredentialInput> credentials = new LinkedList<>();
    credentials.add(credentialModel);

    // Short-circuit: the credential manager is only consulted for a non-empty password.
    final boolean passwordSupplied = password != null && !password.isEmpty();
    if (passwordSupplied
            && context.getSession().userCredentialManager().isValid(context.getRealm(), user, credentials)) {
        // NOTE(review): credentialModel still holds the plaintext password at this point.
        // Verify what addMainSecretToUserSession keeps in the user session.
        AuthenticatorUtil.addMainSecretToUserSession(userSecretAdapter, context, user, credentialModel);
        return true;
    }

    // Failure path: an empty password and a rejected password produce the same event error
    // and the same challenge, so the response does not reveal which of the two occurred.
    context.getEvent().user(user);
    context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
    final Response challenge = invalidCredentials(context);
    context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challenge);
    context.clearUser();
    return false;
}
}
final UserModel user = keycloakSession.userStorageManager().getUserByUsername(username, realm); if (user != null) { UserCredentialModel credentialModel = "serviceaccount".equals(user.getFirstAttribute("authenticationType")) ? createServiceAccountUserCredential(password) : UserCredentialModel.password(password); if (keycloakSession.userCredentialManager().isValid(realm, user, credentialModel)) { authenticatedUser = new UserDataImpl(user.getId(), user.getUsername(), user.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet()));