keycloak-aplcache

Minor improvements for kerberos

3/12/2015 5:11:29 AM


diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
index fa13622..ea3f953 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
@@ -115,12 +115,14 @@ public class KerberosUsernamePasswordAuthenticator {
     protected String getKerberosPrincipal(String username) throws LoginException {
         if (username.contains("@")) {
             String[] tokens = username.split("@");
-            username = tokens[0];
+
             String kerberosRealm = tokens[1];
-            if (kerberosRealm.toUpperCase().equals(config.getKerberosRealm())) {
+            if (!kerberosRealm.toUpperCase().equals(config.getKerberosRealm())) {
                 logger.warn("Invalid kerberos realm. Expected realm: " + config.getKerberosRealm() + ", username: " + username);
-                throw new LoginException("Invalid kerberos realm");
+                throw new LoginException("Client not found");
             }
+
+            username = tokens[0];
         }
 
         return username + "@" + config.getKerberosRealm();
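Review bot: The realm check reads `tokens[1]` straight after `username.split("@")`, so a login name such as `user@` (Java drops the trailing empty token) raises ArrayIndexOutOfBoundsException instead of a LoginException, and `a@REALM@x` passes with the tail silently ignored. Because this is caller-supplied login input, check the shape before reading `tokens[1]`, e.g. `if (tokens.length != 2 || tokens[0].isEmpty()) throw new LoginException("Client not found");`. The comparison also uses the default-locale `toUpperCase()`; `kerberosRealm.equalsIgnoreCase(config.getKerberosRealm())` (negated) would avoid locale-dependent mismatches without needing a new import. The warn line concatenates the raw username into the log message, so CR/LF in it should be neutralised there unless the logger layout already does that. The closing lines of getKerberosPrincipal are outside the hunk.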
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index b4dba67..fe96e5a 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -372,7 +372,7 @@ public class UserFederationManager implements UserProvider {
         for (UserCredentialModel cred : input) {
             UserFederationProvider providerSupportingCreds = null;
 
-            // Find provider, which supports required credential type
+            // Find first provider, which supports required credential type
             for (UserFederationProvider fedProvider : fedProviders) {
                 if (fedProvider.getSupportedCredentialTypes().contains(cred.getType())) {
                     providerSupportingCreds = fedProvider;