keycloak-scim/docs/guides/securing-apps/partials/saml/error_handling.adoc

43 lines
1.2 KiB
Text
Raw Normal View History

2016-06-02 16:07:45 +00:00
== Error Handling
2016-06-02 16:07:45 +00:00
2017-08-28 12:50:14 +00:00
{project_name} has some error handling facilities for servlet based client adapters.
2016-06-02 21:33:28 +00:00
When an error is encountered in authentication, the client adapter will call `HttpServletResponse.sendError()`.
You can set up an `error-page` within your `web.xml` file to handle the error however you want.
2017-03-24 16:47:12 +00:00
The client adapter can throw 400, 401, 403, and 500 errors.
2016-06-02 16:07:45 +00:00
[source,xml]
----
<error-page>
2017-03-24 16:47:12 +00:00
<error-code>403</error-code>
2016-06-02 16:07:45 +00:00
<location>/ErrorHandler</location>
</error-page>
----
2016-06-02 21:33:28 +00:00
The client adapter also sets an `HttpServletRequest` attribute that you can retrieve.
2016-06-02 16:07:45 +00:00
The attribute name is `org.keycloak.adapters.spi.AuthenticationError`.
Typecast this object to: `org.keycloak.adapters.saml.SamlAuthenticationError`.
This class can tell you exactly what happened.
If this attribute is not set, then the adapter was not responsible for the error code.
2018-02-08 21:09:26 +00:00
[source,java]
2016-06-02 16:07:45 +00:00
----
public class SamlAuthenticationError implements AuthenticationError {
public static enum Reason {
EXTRACTION_FAILURE,
INVALID_SIGNATURE,
ERROR_STATUS
}
public Reason getReason() {
return reason;
}
public StatusResponseType getStatus() {
return status;
}
}
----
2017-03-23 17:30:35 +00:00