Keycloak: Bypass an authenticator flow

Time:04-05

I have two UsernamePasswordForm classes as the authenticators

SampleUsernamePasswordForm and SecurityUsernamePasswordForm

If SampleUsernamePasswordForm is a success, there is no need to move to SecurityUsernamePasswordForm, but if there is any credential error, I want to bypass the SampleUsernamePasswordForm authenticator and move to SecurityUsernamePasswordForm.

Both are under ALTERNATIVE right now, which means if one is a failure, it should move to the next one.

In SampleUsernamePasswordForm, I tried

if (!validateForm(context, formData)) {
    Response challengeResponse = challenge(context, getDefaultChallengeMessage(context), FIELD_PASSWORD);
    context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
}

and

if (!validateForm(context, formData)) {
    context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
}

I thought calling context.failure on this would trigger SecurityUsernamePasswordForm, but it just shows an error message on the same login form.

Currently, I had to resort to where I had to place login from SecurityUsernamePasswordForm in SampleUsernamePasswordForm, which doesn't look neat. How do I skip to SecurityUsernamePasswordForm?

Also, for some reason, the SampleUsernamePasswordForm object is created 3-5 times before authenticate gets called. Is this something which can happen with Authenticators?

CodePudding user response:

If both executions are ALTERNATIVE, you would just call attempt on SampleUsernamePasswordForm to pass to the next execution (SecurityUsernamePasswordForm). But just make sure that at least one failure or success is returned at the end of the flow.
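
A sketch of what the answer describes, added here as an example and not code from the question or the answer. It uses Keycloak's `AuthenticationFlowContext.attempted()`, which marks an ALTERNATIVE execution as tried but not fulfilled so the flow continues to the next execution. The package name is hypothetical, and the `jakarta.ws.rs` import is an assumption (older Keycloak versions use `javax.ws.rs`).

```java
package com.example.keycloak; // hypothetical package name

import jakarta.ws.rs.core.MultivaluedMap; // assumption: javax.ws.rs on older Keycloak versions
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;

public class SampleUsernamePasswordForm extends UsernamePasswordForm {

    @Override
    public void action(AuthenticationFlowContext context) {
        MultivaluedMap<String, String> formData =
                context.getHttpRequest().getDecodedFormParameters();

        // Same cancel handling as the stock UsernamePasswordForm.
        if (formData.containsKey("cancel")) {
            context.cancelLogin();
            return;
        }

        if (!validateForm(context, formData)) {
            // validateForm() has already recorded the login error event and set a
            // failure challenge on the context. Replacing that status with
            // ATTEMPTED tells the flow this execution did not authenticate the
            // user, so the next ALTERNATIVE execution
            // (SecurityUsernamePasswordForm) is evaluated instead of the same
            // form being shown again with an error.
            context.attempted();
            return;
        }

        // Credentials accepted here: the remaining alternative is not needed.
        context.success();
    }

    // SecurityUsernamePasswordForm, as the last alternative, must end in
    // context.success() or a failure so that rejected credentials are never
    // left in the ATTEMPTED state at the end of the flow.
}
```

This only behaves as intended while the execution is ALTERNATIVE; on a REQUIRED execution Keycloak treats `attempted()` as an error condition.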
