libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-16381: error text moved to constants file

Browse source
This commit is contained in:
nkkumawat 2020-11-18 20:22:42 +05:30 committed by Hynek Mlnařík
parent 43e075afa5
commit 43baf1bea7
3 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
server-spi-private/src/main/java/org/keycloak/events/Errors.java
View file

@ -94,5 +94,9 @@ public interface Errors {
String ILLEGAL_ORIGIN = "illegal_origin";
String DISPLAY_UNSUPPORTED = "display_unsupported";
String LOGOUT_FAILED = "logout_failed";
String INVALID_DESTINATION = "invalid_destination";
String MISSING_REQUIRED_DESTINATION = "missing_required_destination";
String INVALID_SAML_DOCUMENT = "invalid_saml_document";
String UNSUPPORTED_NAMEID_FORMAT = "unsupported_nameid_format";
}

10
services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
View file

@ -259,13 +259,13 @@ public class SAMLEndpoint {
// validate destination
if (requestAbstractType.getDestination() == null && containsUnencryptedSignature(holder)) {
event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
event.detail(Details.REASON, "missing_required_destination");
event.detail(Details.REASON, Errors.MISSING_REQUIRED_DESTINATION);
event.error(Errors.INVALID_REQUEST);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
if (! destinationValidator.validate(session.getContext().getUri().getAbsolutePath(), requestAbstractType.getDestination())) {
event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
event.detail(Details.REASON, "invalid_destination");
event.detail(Details.REASON, Errors.INVALID_DESTINATION);
event.error(Errors.INVALID_SAML_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
@ -517,7 +517,7 @@ public class SAMLEndpoint {
SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
if (holder == null) {
event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
event.detail(Details.REASON, "invalid_saml_document");
event.detail(Details.REASON, Errors.INVALID_SAML_DOCUMENT);
event.error(Errors.INVALID_SAML_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_FEDERATED_IDENTITY_ACTION);
}
@ -525,13 +525,13 @@ public class SAMLEndpoint {
// validate destination
if (statusResponse.getDestination() == null && containsUnencryptedSignature(holder)) {
event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
event.detail(Details.REASON, "missing_required_destination");
event.detail(Details.REASON, Errors.MISSING_REQUIRED_DESTINATION);
event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
if (! destinationValidator.validate(session.getContext().getUri().getAbsolutePath(), statusResponse.getDestination())) {
event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
event.detail(Details.REASON, "invalid_destination");
event.detail(Details.REASON, Errors.INVALID_DESTINATION);
event.error(Errors.INVALID_SAML_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}

12
services/src/main/java/org/keycloak/protocol/saml/SamlService.java
View file

@ -147,7 +147,7 @@ public class SamlService extends AuthorizationEndpointBase {
SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
if (! (holder.getSamlObject() instanceof StatusResponseType)) {
event.detail(Details.REASON, "invalid_saml_response");
event.detail(Details.REASON, Errors.INVALID_SAML_RESPONSE);
event.error(Errors.INVALID_SAML_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
@ -155,12 +155,12 @@ public class SamlService extends AuthorizationEndpointBase {
StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject();
// validate destination
if (statusResponse.getDestination() == null && containsUnencryptedSignature(holder)) {
event.detail(Details.REASON, "missing_required_destination");
event.detail(Details.REASON, Errors.MISSING_REQUIRED_DESTINATION);
event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
if (! destinationValidator.validate(this.getExpectedDestinationUri(session), statusResponse.getDestination())) {
event.detail(Details.REASON, "invalid_destination");
event.detail(Details.REASON, Errors.INVALID_DESTINATION);
event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
@ -269,7 +269,7 @@ public class SamlService extends AuthorizationEndpointBase {
logger.debug("verified request");
if (requestAbstractType.getDestination() == null && containsUnencryptedSignature(documentHolder)) {
event.detail(Details.REASON, "missing_required_destination");
event.detail(Details.REASON, Errors.MISSING_REQUIRED_DESTINATION);
event.error(Errors.INVALID_REQUEST);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
@ -343,7 +343,7 @@ public class SamlService extends AuthorizationEndpointBase {
if (isSupportedNameIdFormat(nameIdFormat)) {
authSession.setClientNote(GeneralConstants.NAMEID_FORMAT, nameIdFormat);
} else {
event.detail(Details.REASON, "unsupported_nameid_format");
event.detail(Details.REASON, Errors.UNSUPPORTED_NAMEID_FORMAT);
event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.UNSUPPORTED_NAME_ID_FORMAT);
}
@ -508,7 +508,7 @@ public class SamlService extends AuthorizationEndpointBase {
return false;
}
if (! destinationValidator.validate(this.getExpectedDestinationUri(session), req.getDestination())) {
event.detail(Details.REASON, "invalid_destination");
event.detail(Details.REASON, Errors.INVALID_DESTINATION);
event.error(errorCode);
return false;
}