vzakharchenko/keycloak-radius-plugin

Using PAP with a configured RADIUS password results in Access-Accept for any value

xorrkaz opened this issue · 0 comments

Describe the bug
I'm using v1.3.8 of the plugin with KC 16.1.0, and if I configure a user to have a RADIUS password and I try to authenticate as that user, I can specify any password and I get an Access-Accept. If I use CHAP or if I delete the RADIUS password (thus using the user's Keycloak password) I get the expected behavior (i.e., only the correct password results in an Access-Accept).

I've tried 19 and 1.4.8 of the plugin, but then I run into issue #698.

To Reproduce
Steps to reproduce the behavior:

  1. Configure a user in a realm in Keycloak
  2. Make them set a RADIUS password
  3. Authenticate as that user using the wrong password and the PAP protocol
  4. See that the user gets an Access-Accept

Expected behavior
I expect to get an Access-Reject.
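A model of the expected PAP handling behind the steps above, as an added example that is not the plugin's code: the client hides the User-Password per RFC 2865 section 5.2, and the server side issues Access-Accept only when the recovered cleartext equals the user's configured RADIUS password, otherwise Access-Reject. The shared secret and passwords are constructed values; `simulate` is a helper invented for this example.

```python
import hashlib
import os
import secrets

# Constructed values for the demonstration (not taken from the issue).
SHARED_SECRET = b"testing123"
CONFIGURED_RADIUS_PASSWORD = "correct-horse"


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: null-pad to a 16-byte multiple (at least one block) and XOR each
    block with MD5(secret + previous ciphertext block); the first block uses the
    Request Authenticator."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password: same key stream, chained on the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def pap_decision(hidden: bytes, authenticator: bytes, secret: bytes, configured: str) -> str:
    """Server-side decision for a PAP Access-Request: Access-Accept only when the recovered
    cleartext matches the configured RADIUS password (constant-time compare)."""
    recovered = unhide_password(hidden, secret, authenticator)
    ok = secrets.compare_digest(recovered, configured.encode())
    return "Access-Accept" if ok else "Access-Reject"


def simulate(attempt: str, configured: str = CONFIGURED_RADIUS_PASSWORD,
             secret: bytes = SHARED_SECRET) -> str:
    """Client hides `attempt` under a fresh Request Authenticator; server decides."""
    authenticator = os.urandom(16)
    hidden = hide_password(attempt.encode(), secret, authenticator)
    return pap_decision(hidden, authenticator, secret, configured)


if __name__ == "__main__":
    print(simulate("correct-horse"), simulate("wrong-password"))
```

Running this against a real server is a matter of replacing `pap_decision` with an actual Access-Request; the reported bug corresponds to the server returning Access-Accept on the second call.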