diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java index c36694c070..1acf907f95 100644 --- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java +++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java @@ -99,7 +99,12 @@ public class KerberosUsernamePasswordAuthenticator { } protected void checkKerberosServerAvailable(LoginException le) { - if (le.getMessage().contains("Port Unreachable")) { + String message = le.getMessage().toUpperCase(); + if (message.contains("PORT UNREACHABLE") || + message.contains("CANNOT LOCATE") || + message.contains("CANNOT CONTACT") || + message.contains("CANNOT FIND") || + message.contains("UNKNOWN ERROR")) { throw new ModelException("Kerberos unreachable", le); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java index 9ed0cc9909..8cdb9bf699 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java @@ -25,9 +25,7 @@ import java.util.regex.Pattern; import javax.ws.rs.core.Response; -import org.junit.After; import org.junit.Assert; -import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; import org.keycloak.common.constants.KerberosConstants; @@ -37,6 +35,7 @@ import org.keycloak.federation.kerberos.KerberosConfig; import org.keycloak.federation.kerberos.KerberosFederationProviderFactory; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.representations.idm.ComponentRepresentation; +import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.testsuite.util.KerberosRule; @@ -158,4 +157,29 @@ public class KerberosStandaloneTest extends AbstractKerberosTest { testRealmResource().components().add(kerberosProvider); } + + /** + * KEYCLOAK-4178 + * + * Assert it's handled when kerberos realm is unreachable + * + * @throws Exception + */ + @Test + public void handleUnknownKerberosRealm() throws Exception { + // Switch kerberos realm to "unavailable" + List reps = testRealmResource().components().query("test", UserStorageProvider.class.getName()); + org.keycloak.testsuite.Assert.assertEquals(1, reps.size()); + ComponentRepresentation kerberosProvider = reps.get(0); + kerberosProvider.getConfig().putSingle(KerberosConstants.KERBEROS_REALM, "unavailable"); + testRealmResource().components().component(kerberosProvider.getId()).update(kerberosProvider); + + // Try register new user and assert it failed + UserRepresentation john = new UserRepresentation(); + john.setUsername("john"); + Response response = testRealmResource().users().create(john); + Assert.assertEquals(500, response.getStatus()); + response.close(); + } + }