libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #3729 from mposolda/master

Browse source 
KEYCLOAK-4178 Bad error message when kerberos provider unavailable
This commit is contained in:
Marek Posolda 2017-01-09 18:31:49 +01:00 committed by GitHub
commit be4f2aff63
2 changed files with 32 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
View file

@ -99,7 +99,12 @@ public class KerberosUsernamePasswordAuthenticator {
}
protected void checkKerberosServerAvailable(LoginException le) {
if (le.getMessage().contains("Port Unreachable")) {
String message = le.getMessage().toUpperCase();
if (message.contains("PORT UNREACHABLE") ||
message.contains("CANNOT LOCATE") ||
message.contains("CANNOT CONTACT") ||
message.contains("CANNOT FIND") ||
message.contains("UNKNOWN ERROR")) {
throw new ModelException("Kerberos unreachable", le);
}
}

28
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java
View file

@ -25,9 +25,7 @@ import java.util.regex.Pattern;
import javax.ws.rs.core.Response;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.constants.KerberosConstants;
@ -37,6 +35,7 @@ import org.keycloak.federation.kerberos.KerberosConfig;
import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.testsuite.util.KerberosRule;
@ -158,4 +157,29 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
testRealmResource().components().add(kerberosProvider);
}
/**
* KEYCLOAK-4178
*
* Assert it's handled when kerberos realm is unreachable
*
* @throws Exception
*/
@Test
public void handleUnknownKerberosRealm() throws Exception {
// Switch kerberos realm to "unavailable"
List<ComponentRepresentation> reps = testRealmResource().components().query("test", UserStorageProvider.class.getName());
org.keycloak.testsuite.Assert.assertEquals(1, reps.size());
ComponentRepresentation kerberosProvider = reps.get(0);
kerberosProvider.getConfig().putSingle(KerberosConstants.KERBEROS_REALM, "unavailable");
testRealmResource().components().component(kerberosProvider.getId()).update(kerberosProvider);
// Try register new user and assert it failed
UserRepresentation john = new UserRepresentation();
john.setUsername("john");
Response response = testRealmResource().users().create(john);
Assert.assertEquals(500, response.getStatus());
response.close();
}
}