Display error if linking account with kerberos is unsuccessful

This commit is contained in:
mposolda 2015-02-12 10:48:09 +01:00
parent 2b7c7f63b6
commit 205f7c5d6b
2 changed files with 17 additions and 8 deletions

View file

@ -103,15 +103,23 @@ public class KerberosIdentityProvider extends AbstractIdentityProvider<KerberosI
logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader); logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader);
} }
// Error page is rendered just if browser is unable to send Authorization header with SPNEGO token Response response;
Response response = request.getSession().getProvider(LoginFormsProvider.class) LoginFormsProvider loginFormsProvider = request.getSession().getProvider(LoginFormsProvider.class)
.setRealm(request.getRealm()) .setRealm(request.getRealm())
.setUriInfo(request.getUriInfo()) .setUriInfo(request.getUriInfo())
.setClient(request.getClientSession().getClient()) .setStatus(Response.Status.UNAUTHORIZED);
if (request.getClientSession().getUserSession() == null) {
// User not logged. Display HTML with login form as fallback if SPNEGO token not found
response = loginFormsProvider.setClient(request.getClientSession().getClient())
.setClientSessionCode(getRelayState(request)) .setClientSessionCode(getRelayState(request))
.setWarning("errorKerberosLogin") .setWarning("errorKerberosLogin")
.setStatus(Response.Status.UNAUTHORIZED)
.createLogin(); .createLogin();
} else {
// User logged and linking account. Display HTML with error if SPNEGO token not found
response = loginFormsProvider.setError("errorKerberosLinkAccount")
.createErrorPage();
}
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader); response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
return AuthenticationResponse.fromResponse(response); return AuthenticationResponse.fromResponse(response);

View file

@ -98,7 +98,8 @@ actionPasswordWarning=You need to change your password to activate your account.
actionEmailWarning=You need to verify your email address to activate your account. actionEmailWarning=You need to verify your email address to activate your account.
actionFollow=Please fill in the fields below. actionFollow=Please fill in the fields below.
errorKerberosLogin=Unable to login with Kerberos. Request Kerberos ticket or use different login mechanism errorKerberosLogin=Kerberos ticket not available. Use different login mechanism
errorKerberosLinkAccount=Kerberos ticket not available.
successHeader=Success! successHeader=Success!
errorHeader=Error! errorHeader=Error!