Display error if linking account with kerberos is unsuccessful
This commit is contained in:
parent
2b7c7f63b6
commit
205f7c5d6b
2 changed files with 17 additions and 8 deletions
|
@ -103,15 +103,23 @@ public class KerberosIdentityProvider extends AbstractIdentityProvider<KerberosI
|
|||
logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader);
|
||||
}
|
||||
|
||||
// Error page is rendered just if browser is unable to send Authorization header with SPNEGO token
|
||||
Response response = request.getSession().getProvider(LoginFormsProvider.class)
|
||||
Response response;
|
||||
LoginFormsProvider loginFormsProvider = request.getSession().getProvider(LoginFormsProvider.class)
|
||||
.setRealm(request.getRealm())
|
||||
.setUriInfo(request.getUriInfo())
|
||||
.setClient(request.getClientSession().getClient())
|
||||
.setStatus(Response.Status.UNAUTHORIZED);
|
||||
|
||||
if (request.getClientSession().getUserSession() == null) {
|
||||
// User not logged. Display HTML with login form as fallback if SPNEGO token not found
|
||||
response = loginFormsProvider.setClient(request.getClientSession().getClient())
|
||||
.setClientSessionCode(getRelayState(request))
|
||||
.setWarning("errorKerberosLogin")
|
||||
.setStatus(Response.Status.UNAUTHORIZED)
|
||||
.createLogin();
|
||||
} else {
|
||||
// User logged and linking account. Display HTML with error if SPNEGO token not found
|
||||
response = loginFormsProvider.setError("errorKerberosLinkAccount")
|
||||
.createErrorPage();
|
||||
}
|
||||
|
||||
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
|
||||
return AuthenticationResponse.fromResponse(response);
|
||||
|
|
|
@ -98,7 +98,8 @@ actionPasswordWarning=You need to change your password to activate your account.
|
|||
actionEmailWarning=You need to verify your email address to activate your account.
|
||||
actionFollow=Please fill in the fields below.
|
||||
|
||||
errorKerberosLogin=Unable to login with Kerberos. Request Kerberos ticket or use different login mechanism
|
||||
errorKerberosLogin=Kerberos ticket not available. Use different login mechanism
|
||||
errorKerberosLinkAccount=Kerberos ticket not available.
|
||||
|
||||
successHeader=Success!
|
||||
errorHeader=Error!
|
||||
|
|
Loading…
Reference in a new issue