From cb4a513e24a317402ca7c1042bb4f4f25706a122 Mon Sep 17 00:00:00 2001
From: R0Wi <ro.windey@gmail.com>
Date: Thu, 23 Dec 2021 16:16:49 +0100
Subject: [PATCH] Fail authenticate if credentialInput is not of type
 UserCredentialModel

Code fix inside LDAPStorageProvider.java:
return failed result if credential input object is not of expected type

Closes #11191
---
 .../java/org/keycloak/storage/ldap/LDAPStorageProvider.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
index 98b36d1231..a5b8f46f42 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
@@ -718,7 +718,7 @@ public class LDAPStorageProvider implements UserStorageProvider,
 
     @Override
     public CredentialValidationOutput authenticate(RealmModel realm, CredentialInput cred) {
-        if (!(cred instanceof UserCredentialModel)) CredentialValidationOutput.failed();
+        if (!(cred instanceof UserCredentialModel)) return CredentialValidationOutput.failed();
         UserCredentialModel credential = (UserCredentialModel)cred;
         if (credential.getType().equals(UserCredentialModel.KERBEROS)) {
             if (kerberosConfig.isAllowKerberosAuthentication()) {