Minor improvements for kerberos

2015-03-12 09:11:29 +01:00 · 2015-03-12 09:11:29 +01:00 · c2f2c5ccb6
commit c2f2c5ccb6
parent 0e0181ced4
2 changed files with 6 additions and 4 deletions
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
@ -115,12 +115,14 @@ public class KerberosUsernamePasswordAuthenticator {
    protected String getKerberosPrincipal(String username) throws LoginException {
        if (username.contains("@")) {
            String[] tokens = username.split("@");
-            username = tokens[0];
+
            String kerberosRealm = tokens[1];
-            if (kerberosRealm.toUpperCase().equals(config.getKerberosRealm())) {
+            if (!kerberosRealm.toUpperCase().equals(config.getKerberosRealm())) {
                logger.warn("Invalid kerberos realm. Expected realm: " + config.getKerberosRealm() + ", username: " + username);
-                throw new LoginException("Invalid kerberos realm");
+                throw new LoginException("Client not found");
            }
+
+            username = tokens[0];
        }

        return username + "@" + config.getKerberosRealm();
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@ -372,7 +372,7 @@ public class UserFederationManager implements UserProvider {
        for (UserCredentialModel cred : input) {
            UserFederationProvider providerSupportingCreds = null;

-            // Find provider, which supports required credential type
+            // Find first provider, which supports required credential type
            for (UserFederationProvider fedProvider : fedProviders) {
                if (fedProvider.getSupportedCredentialTypes().contains(cred.getType())) {
                    providerSupportingCreds = fedProvider;