Display error if linking account with kerberos is unsuccessful

mposolda 2015-02-12 10:48:09 +01:00
parent 2b7c7f63b6
commit 205f7c5d6b
2 changed files with 17 additions and 8 deletions


@ -103,15 +103,23 @@ public class KerberosIdentityProvider extends AbstractIdentityProvider<KerberosI
logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader); logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader);
} }
// Error page is rendered just if browser is unable to send Authorization header with SPNEGO token Response response;
Response response = request.getSession().getProvider(LoginFormsProvider.class) LoginFormsProvider loginFormsProvider = request.getSession().getProvider(LoginFormsProvider.class)
.setRealm(request.getRealm()) .setRealm(request.getRealm())
.setUriInfo(request.getUriInfo()) .setUriInfo(request.getUriInfo())
.setClient(request.getClientSession().getClient()) .setStatus(Response.Status.UNAUTHORIZED);
.setClientSessionCode(getRelayState(request))
.setWarning("errorKerberosLogin") if (request.getClientSession().getUserSession() == null) {
.setStatus(Response.Status.UNAUTHORIZED) // User not logged. Display HTML with login form as fallback if SPNEGO token not found
.createLogin(); response = loginFormsProvider.setClient(request.getClientSession().getClient())
.setClientSessionCode(getRelayState(request))
.setWarning("errorKerberosLogin")
.createLogin();
} else {
// User logged and linking account. Display HTML with error if SPNEGO token not found
response = loginFormsProvider.setError("errorKerberosLinkAccount")
.createErrorPage();
}
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader); response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
return AuthenticationResponse.fromResponse(response); return AuthenticationResponse.fromResponse(response);
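Review bot: The new branch on `request.getClientSession().getUserSession() == null` treats any user session attached to the client session as proof that an authenticated user is linking an account, and nothing visible in this hunk checks that the session is still valid. If an expired or stale session can still be attached at this point, that user would get the `errorKerberosLinkAccount` error page with no login-form fallback. Both branches still return 401 with the `WWW-Authenticate` header, so this looks like a usability problem rather than a bypass. The enclosing method starts outside the hunk, so the check may already happen earlier; if it does, record that above the `if`, for example `// A user session here means an already-authenticated user is linking an account; session validity is checked by the caller`. The commit also drops the old comment saying the page is rendered only when the browser cannot send the SPNEGO token, which is worth keeping above the `loginFormsProvider` assignment because it applies to both branches.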


@ -98,7 +98,8 @@ actionPasswordWarning=You need to change your password to activate your account.
actionEmailWarning=You need to verify your email address to activate your account. actionEmailWarning=You need to verify your email address to activate your account.
actionFollow=Please fill in the fields below. actionFollow=Please fill in the fields below.
errorKerberosLogin=Unable to login with Kerberos. Request Kerberos ticket or use different login mechanism errorKerberosLogin=Kerberos ticket not available. Use different login mechanism
errorKerberosLinkAccount=Kerberos ticket not available.
successHeader=Success! successHeader=Success!
errorHeader=Error! errorHeader=Error!