diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
index c36694c..1acf907 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
@@ -99,7 +99,12 @@ public class KerberosUsernamePasswordAuthenticator {
}
protected void checkKerberosServerAvailable(LoginException le) {
- if (le.getMessage().contains("Port Unreachable")) {
+ String message = le.getMessage().toUpperCase();
+ if (message.contains("PORT UNREACHABLE") ||
+ message.contains("CANNOT LOCATE") ||
+ message.contains("CANNOT CONTACT") ||
+ message.contains("CANNOT FIND") ||
+ message.contains("UNKNOWN ERROR")) {
throw new ModelException("Kerberos unreachable", le);
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java
index 9ed0cc9..8cdb9bf 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java
@@ -25,9 +25,7 @@ import java.util.regex.Pattern;
import javax.ws.rs.core.Response;
-import org.junit.After;
import org.junit.Assert;
-import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.constants.KerberosConstants;
@@ -37,6 +35,7 @@ import org.keycloak.federation.kerberos.KerberosConfig;
import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.testsuite.util.KerberosRule;
@@ -158,4 +157,29 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
testRealmResource().components().add(kerberosProvider);
}
+
+ /**
+ * KEYCLOAK-4178
+ *
+ * Assert it's handled when kerberos realm is unreachable
+ *
+ * @throws Exception
+ */
+ @Test
+ public void handleUnknownKerberosRealm() throws Exception {
+ // Switch kerberos realm to "unavailable"
+ List<ComponentRepresentation> reps = testRealmResource().components().query("test", UserStorageProvider.class.getName());
+ org.keycloak.testsuite.Assert.assertEquals(1, reps.size());
+ ComponentRepresentation kerberosProvider = reps.get(0);
+ kerberosProvider.getConfig().putSingle(KerberosConstants.KERBEROS_REALM, "unavailable");
+ testRealmResource().components().component(kerberosProvider.getId()).update(kerberosProvider);
+
+ // Try register new user and assert it failed
+ UserRepresentation john = new UserRepresentation();
+ john.setUsername("john");
+ Response response = testRealmResource().users().create(john);
+ Assert.assertEquals(500, response.getStatus());
+ response.close();
+ }
+
}
