KEYCLOAK-1973

failed authentication: USER_CONFLICT


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 1.5.1.Final
    • Fix Version/s: 1.6.0.Final
    • Component/s: None
    • Labels:
      None

      Description

      I get the following error if I try to log in as user1 with a wrong password and then as user2 with a correct password.

      2015-10-15 09:05:58,605 ERROR [org.keycloak.authentication.AuthenticationProcessor] (default task-24) failed authentication: USER_CONFLICT: org.keycloak.authentication.AuthenticationFlowException
      at org.keycloak.authentication.AuthenticationProcessor.setAutheticatedUser(AuthenticationProcessor.java:203) [keycloak-services-1.6.0.Final-SNAPSHOT.jar:1.6.0.Final-SNAPSHOT]
      at org.keycloak.authentication.AuthenticationProcessor$Result.setUser(AuthenticationProcessor.java:332) [keycloak-services-1.6.0.Final-SNAPSHOT.jar:1.6.0.Final-SNAPSHOT]

      I think you should not set the authenticated user before you have validated the password. Isn't it a bit dangerous if the authenticated user is set even if the entered password is wrong?
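
      Added example, not part of the original report and not Keycloak code: a simplified Java model of the ordering concern raised above, where a session that binds the user before checking the password rejects the next login with USER_CONFLICT, beside an ordering that binds only after the password verifies. All class, method and field names and the sample credentials are hypothetical.

```java
import java.util.Map;

// Simplified model of a login session; all names are hypothetical, not Keycloak classes.
public class UserBindingOrder {
    static class UserConflictException extends RuntimeException {
        UserConflictException() { super("USER_CONFLICT"); }
    }

    // Constructed sample credentials for the demo (a real store holds password hashes).
    static final Map<String, String> PASSWORDS = Map.of("user1", "pw1", "user2", "pw2");

    static class LoginSession {
        private String boundUser; // survives across attempts within the same session

        void bind(String user) {
            // A different user already bound to this session is treated as a conflict.
            if (boundUser != null && !boundUser.equals(user)) throw new UserConflictException();
            boundUser = user;
        }

        // Ordering the report questions: the user is bound before the password is checked.
        boolean loginBindFirst(String user, String password) {
            bind(user);
            return password.equals(PASSWORDS.get(user));
        }

        // Alternative ordering: nothing is bound unless the credential verified.
        boolean loginVerifyFirst(String user, String password) {
            if (!password.equals(PASSWORDS.get(user))) return false;
            bind(user);
            return true;
        }
    }

    public static void main(String[] args) {
        LoginSession a = new LoginSession();
        System.out.println("bind-first, user1 wrong pw: " + a.loginBindFirst("user1", "bad"));
        try {
            a.loginBindFirst("user2", "pw2");
        } catch (UserConflictException e) {
            System.out.println("bind-first, user2 correct pw: " + e.getMessage());
        }
        System.out.println("bind-first session bound to: " + a.boundUser);

        LoginSession b = new LoginSession();
        System.out.println("verify-first, user1 wrong pw: " + b.loginVerifyFirst("user1", "bad"));
        System.out.println("verify-first, user2 correct pw: " + b.loginVerifyFirst("user2", "pw2"));
        System.out.println("verify-first session bound to: " + b.boundUser);
    }
}
```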


              People

              • Assignee:
                stianst Stian Thorgersen
                Reporter:
                gerbermichi Michael Gerber