diff --git a/src/main/java/org/github/flytreeleft/nexus3/keycloak/plugin/internal/NexusKeycloakClient.java b/src/main/java/org/github/flytreeleft/nexus3/keycloak/plugin/internal/NexusKeycloakClient.java
index a13db9c..d1b9757 100644
--- a/src/main/java/org/github/flytreeleft/nexus3/keycloak/plugin/internal/NexusKeycloakClient.java
+++ b/src/main/java/org/github/flytreeleft/nexus3/keycloak/plugin/internal/NexusKeycloakClient.java
@@ -66,18 +66,26 @@ public boolean authenticate(UsernamePasswordToken token) {
     public boolean authenticate(KeycloakHttpHeaderAuthToken token) {
         String principal = token.getPrincipal();
         String credentials = token.getCredentials().toString();
+        boolean authenticated = false;
 
         UserInfo userInfo = this.keycloakAdminClient.obtainUserInfo(credentials);
         if (userInfo == null) {
             return false;
         }
-
+        authenticated = userInfo.getPreferredUsername().equals(principal);
+        this.logger.info("principal is {} while pun is {}, so auth result is {}",
+                             principal,
+                             userInfo.getPreferredUsername(),
+                             authenticated);
+
+        if (authenticated) {
+            return authenticated;
+        }
         boolean isEmail = this.keycloakAdminClient.isEmail(principal);
         if (isEmail) {
             return userInfo.getEmailVerified() && principal.equals(userInfo.getEmail());
         }
-
-        return userInfo.getPreferredUsername().equals(principal);
+        return authenticated;
     }
 
     public Set<String> findRoleIdsByUserId(String userId) {