diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 67e75702b7..4814f306fd 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -601,7 +601,7 @@ public class AuthenticationManager {
 credentials.add(UserCredentialModel.totp(totp));
 }
- if (password == null && passwordToken == null) {
+ if ((password == null || password.isEmpty()) && (passwordToken == null || passwordToken.isEmpty())) {
 logger.debug("Password not provided");
 return AuthenticationStatus.MISSING_PASSWORD;
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index 929029eef5..4af2a6c696 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -202,6 +202,14 @@ public class FederationProvidersIntegrationTest {
 Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
 }
+ @Test
+ public void loginLdapWithoutPassword() {
+ loginPage.open();
+ loginPage.login("john@email.org", "");
+
+ Assert.assertEquals("Invalid username or password.", loginPage.getError());
+ }
+
 @Test
 public void passwordChangeLdap() throws Exception {
 changePasswordPage.open();
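Review bot: The empty-string guard on the new `if` line protects only this one code path, so any other caller that hands credentials to a federation provider could still pass an empty password through; the hunk does not show whether the provider rejects it itself. Because the accompanying test is an LDAP one, the concern is presumably that many directory servers treat a simple bind with a zero-length password as an unauthenticated bind that succeeds, so the provider's own credential validation should refuse empty values as well. A comment above the condition would keep the check from being simplified away later, e.g. `// Treat an empty password as missing: an LDAP simple bind with a zero-length password may succeed as an anonymous bind.` The enclosing method starts and ends outside the hunk.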
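Review bot: `loginLdapWithoutPassword` asserts only the error text, which is the generic invalid-credentials message, so it does not directly show that no authorization code was issued for the empty-password attempt. Adding `Assert.assertNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));` after the existing assertion, mirroring the positive check at the end of the preceding test, would pin that (assuming the query is readable on the error page). The `passwordToken` half of the new condition in AuthenticationManager has no coverage in this hunk.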