diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index bd512df..0d9c9db 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -551,7 +551,7 @@ public class AuthenticationManager {
credentials.add(UserCredentialModel.totp(totp));
}
- if (password == null && passwordToken == null) {
+ if ((password == null || password.isEmpty()) && (passwordToken == null || passwordToken.isEmpty())) {
logger.debug("Password not provided");
return AuthenticationStatus.MISSING_PASSWORD;
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index 929029e..4af2a6c 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -203,6 +203,14 @@ public class FederationProvidersIntegrationTest {
}
@Test
+ public void loginLdapWithoutPassword() {
+ loginPage.open();
+ loginPage.login("john@email.org", "");
+
+ Assert.assertEquals("Invalid username or password.", loginPage.getError());
+ }
+
+ @Test
public void passwordChangeLdap() throws Exception {
changePasswordPage.open();
loginPage.login("johnkeycloak", "Password1");
