Type: Bug
Priority: Major
Resolution: Won't Do
Issue Description:
The customer is using JBoss Application Server in domain mode with Oracle Internet Directory (LDAP) for authentication.
The Elytron configuration (attached in elytron-config.txt) works, but if the user account is locked, Elytron returns HTTP 500. We think this should be HTTP 401 instead.
We know that Elytron changed its behaviour to return a 500 (internal server error) when the LDAP server is unreachable, but in this case LDAP is reachable and returns a valid result code, so an internal server error is not the correct result.
The attached file "elytron-bug.log" contains a trace of the problem.
As the JBoss server log also shows, it reports a verification error, which is expected, while the REST API returns status 500:
Caused by: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: ELY01153: Direct LDAP verification failed with DN [cn=jboss-test03,cn=Users,dc=kba,dc=de] and absolute DN [null]
And the authentication verification failure messages:
2025-01-24 13:31:30,441 TRACE [org.wildfly.security.http] (default task-1) Authentication failed.: org.wildfly.security.http.HttpAuthenticationException: ELY06016: HTTP authentication failed validating request, no mechanisms remain to continue authentication.
2025-01-24 13:31:30,442 DEBUG [io.undertow.request.error-response] (default task-1) Setting error code 500 for exchange HttpServerExchange{ GET /ldap-test}: java.lang.RuntimeException
at io.undertow.core@2.3.14.SP2-redhat-00001//io.undertow.server.HttpServerExchange.setStatusCode(HttpServerExchange.java:1492)
Issue links:
is impacted by: ELY-2886 Authentication results in an HTTP 500 if account is locked in EAP 8 (Resolved)

Resolution comment:
Won't do, since Oracle Internet Directory should send LDAP error code 49 instead of 53.
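The resolution turns on which LDAP result code the directory sends for a locked account. The following diagnostic is an added example written for this page, not code from the issue or from WildFly Elytron; it relies on the JDK's JNDI mapping of LDAP result 49 to AuthenticationException and result 53 to OperationNotSupportedException, and the server URL and password are placeholders.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.InitialDirContext;

/**
 * Added diagnostic (not part of this issue or of Elytron): performs a simple LDAP bind and
 * reports which result code the directory returned, so you can tell whether a locked account
 * yields 49 (invalidCredentials) or 53 (unwillingToPerform) before involving Elytron.
 */
public class LdapBindResultCheck {

    /** Classifies the outcome of a simple bind as {@code bindDn} against the server at {@code url}. */
    public static String checkBind(String url, String bindDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return "bind succeeded (LDAP result 0)";
        } catch (AuthenticationException e) {
            // JNDI raises this for LDAP result 49 (invalidCredentials). Elytron reports a plain
            // credential failure for this code, which the HTTP layer turns into a 401.
            return "LDAP result 49 invalidCredentials: " + e.getMessage();
        } catch (OperationNotSupportedException e) {
            // JNDI raises this for LDAP result 53 (unwillingToPerform). Elytron does not treat it
            // as a credential failure, so direct verification ends in RealmUnavailableException
            // and the application sees a 500, as in the trace attached to this issue.
            return "LDAP result 53 unwillingToPerform: " + e.getMessage();
        } catch (NamingException e) {
            // Anything else (connection refused, other result codes) is also a realm-level problem.
            return "other bind failure: " + e;
        }
    }

    public static void main(String[] args) {
        // Placeholder server URL and password; the DN is the test account from the issue trace.
        System.out.println(checkBind("ldap://oid.example.invalid:389",
                "cn=jboss-test03,cn=Users,dc=kba,dc=de", "changeit"));
    }
}
```

The JNDI exception message embeds the raw server diagnostic (for example "[LDAP: error code 53 - ...]"), which is the value to compare against what the resolution comment expects from the directory.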