Display error if linking account with kerberos is unsuccessful
This commit is contained in:
parent
2b7c7f63b6
commit
205f7c5d6b
2 changed files with 17 additions and 8 deletions
|
@ -103,15 +103,23 @@ public class KerberosIdentityProvider extends AbstractIdentityProvider<KerberosI
|
||||||
logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader);
|
logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Error page is rendered just if browser is unable to send Authorization header with SPNEGO token
|
Response response;
|
||||||
Response response = request.getSession().getProvider(LoginFormsProvider.class)
|
LoginFormsProvider loginFormsProvider = request.getSession().getProvider(LoginFormsProvider.class)
|
||||||
.setRealm(request.getRealm())
|
.setRealm(request.getRealm())
|
||||||
.setUriInfo(request.getUriInfo())
|
.setUriInfo(request.getUriInfo())
|
||||||
.setClient(request.getClientSession().getClient())
|
.setStatus(Response.Status.UNAUTHORIZED);
|
||||||
|
|
||||||
|
if (request.getClientSession().getUserSession() == null) {
|
||||||
|
// User not logged. Display HTML with login form as fallback if SPNEGO token not found
|
||||||
|
response = loginFormsProvider.setClient(request.getClientSession().getClient())
|
||||||
.setClientSessionCode(getRelayState(request))
|
.setClientSessionCode(getRelayState(request))
|
||||||
.setWarning("errorKerberosLogin")
|
.setWarning("errorKerberosLogin")
|
||||||
.setStatus(Response.Status.UNAUTHORIZED)
|
|
||||||
.createLogin();
|
.createLogin();
|
||||||
|
} else {
|
||||||
|
// User logged and linking account. Display HTML with error if SPNEGO token not found
|
||||||
|
response = loginFormsProvider.setError("errorKerberosLinkAccount")
|
||||||
|
.createErrorPage();
|
||||||
|
}
|
||||||
|
|
||||||
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
|
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
|
||||||
return AuthenticationResponse.fromResponse(response);
|
return AuthenticationResponse.fromResponse(response);
|
||||||
|
|
|
@ -98,7 +98,8 @@ actionPasswordWarning=You need to change your password to activate your account.
|
||||||
actionEmailWarning=You need to verify your email address to activate your account.
|
actionEmailWarning=You need to verify your email address to activate your account.
|
||||||
actionFollow=Please fill in the fields below.
|
actionFollow=Please fill in the fields below.
|
||||||
|
|
||||||
errorKerberosLogin=Unable to login with Kerberos. Request Kerberos ticket or use different login mechanism
|
errorKerberosLogin=Kerberos ticket not available. Use different login mechanism
|
||||||
|
errorKerberosLinkAccount=Kerberos ticket not available.
|
||||||
|
|
||||||
successHeader=Success!
|
successHeader=Success!
|
||||||
errorHeader=Error!
|
errorHeader=Error!
|
||||||
|
|
Loading…
Reference in a new issue