Use specific error message from required actions for SamlProtocol if available
Closes #34514 Signed-off-by: vramik <vramik@redhat.com>
This commit is contained in:
parent
36b01cbea0
commit
d853dcab7d
9 changed files with 11 additions and 20 deletions
|
@ -84,11 +84,7 @@ public interface LoginProtocol extends Provider {
|
||||||
|
|
||||||
Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx);
|
Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx);
|
||||||
|
|
||||||
Response sendError(AuthenticationSessionModel authSession, Error error);
|
Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage);
|
||||||
|
|
||||||
default Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage) {
|
|
||||||
return sendError(authSession, error);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests. The purpose of clientData is to be able to send HTTP error
|
* Returns client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests. The purpose of clientData is to be able to send HTTP error
|
||||||
|
|
|
@ -648,7 +648,7 @@ public class AuthenticationProcessor {
|
||||||
.setHttpHeaders(getHttpRequest().getHttpHeaders())
|
.setHttpHeaders(getHttpRequest().getHttpHeaders())
|
||||||
.setUriInfo(getUriInfo())
|
.setUriInfo(getUriInfo())
|
||||||
.setEventBuilder(event);
|
.setEventBuilder(event);
|
||||||
Response response = protocol.sendError(getAuthenticationSession(), Error.CANCELLED_BY_USER);
|
Response response = protocol.sendError(getAuthenticationSession(), Error.CANCELLED_BY_USER, null);
|
||||||
forceChallenge(response);
|
forceChallenge(response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -124,14 +124,14 @@ public abstract class AuthorizationEndpointBase {
|
||||||
return challenge;
|
return challenge;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED);
|
return protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED, null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
AuthenticationManager.setClientScopesInSession(session, authSession);
|
AuthenticationManager.setClientScopesInSession(session, authSession);
|
||||||
|
|
||||||
if (processor.nextRequiredAction() != null) {
|
if (processor.nextRequiredAction() != null) {
|
||||||
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
|
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
|
|
@ -145,7 +145,7 @@ public class DockerAuthV2Protocol implements LoginProtocol {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response sendError(final AuthenticationSessionModel clientSession, final LoginProtocol.Error error) {
|
public Response sendError(final AuthenticationSessionModel clientSession, final LoginProtocol.Error error, String errorMessage) {
|
||||||
return new ResponseBuilderImpl().status(Response.Status.INTERNAL_SERVER_ERROR).build();
|
return new ResponseBuilderImpl().status(Response.Status.INTERNAL_SERVER_ERROR).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -340,11 +340,6 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
||||||
return Boolean.valueOf(Optional.ofNullable(client.getAttribute(OIDCConfigAttributes.ID_TOKEN_AS_DETACHED_SIGNATURE)).orElse(Boolean.FALSE.toString())).booleanValue();
|
return Boolean.valueOf(Optional.ofNullable(client.getAttribute(OIDCConfigAttributes.ID_TOKEN_AS_DETACHED_SIGNATURE)).orElse(Boolean.FALSE.toString())).booleanValue();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public Response sendError(AuthenticationSessionModel authSession, Error error) {
|
|
||||||
return sendError(authSession, error, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage) {
|
public Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage) {
|
||||||
if (isOAuth2DeviceVerificationFlow(authSession)) {
|
if (isOAuth2DeviceVerificationFlow(authSession)) {
|
||||||
|
|
|
@ -219,7 +219,7 @@ public class SamlProtocol implements LoginProtocol {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response sendError(AuthenticationSessionModel authSession, Error error) {
|
public Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage) {
|
||||||
try {
|
try {
|
||||||
ClientModel client = authSession.getClient();
|
ClientModel client = authSession.getClient();
|
||||||
|
|
||||||
|
@ -233,7 +233,7 @@ public class SamlProtocol implements LoginProtocol {
|
||||||
URI redirect = builder.buildFromMap(params);
|
URI redirect = builder.buildFromMap(params);
|
||||||
return Response.status(302).location(redirect).build();
|
return Response.status(302).location(redirect).build();
|
||||||
} else {
|
} else {
|
||||||
return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, translateErrorToIdpInitiatedErrorMessage(error));
|
return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, errorMessage != null ? errorMessage : translateErrorToIdpInitiatedErrorMessage(error));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
return samlErrorMessage(
|
return samlErrorMessage(
|
||||||
|
|
|
@ -1311,7 +1311,7 @@ public class AuthenticationManager {
|
||||||
.setHttpHeaders(context.getHttpRequest().getHttpHeaders())
|
.setHttpHeaders(context.getHttpRequest().getHttpHeaders())
|
||||||
.setUriInfo(context.getUriInfo())
|
.setUriInfo(context.getUriInfo())
|
||||||
.setEventBuilder(event);
|
.setEventBuilder(event);
|
||||||
Response response = protocol.sendError(context.getAuthenticationSession(), Error.CONSENT_DENIED);
|
Response response = protocol.sendError(context.getAuthenticationSession(), Error.CONSENT_DENIED, null);
|
||||||
event.error(Errors.REJECTED_BY_USER);
|
event.error(Errors.REJECTED_BY_USER);
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1207,7 +1207,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
.setHttpHeaders(headers)
|
.setHttpHeaders(headers)
|
||||||
.setUriInfo(session.getContext().getUri())
|
.setUriInfo(session.getContext().getUri())
|
||||||
.setEventBuilder(event);
|
.setEventBuilder(event);
|
||||||
return protocol.sendError(authSession, error);
|
return protocol.sendError(authSession, error, null);
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -925,7 +925,7 @@ public class LoginActionsService {
|
||||||
.setHttpHeaders(headers)
|
.setHttpHeaders(headers)
|
||||||
.setUriInfo(session.getContext().getUri())
|
.setUriInfo(session.getContext().getUri())
|
||||||
.setEventBuilder(event);
|
.setEventBuilder(event);
|
||||||
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
|
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED, null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return challenge;
|
return challenge;
|
||||||
|
@ -1014,7 +1014,7 @@ public class LoginActionsService {
|
||||||
.setHttpHeaders(headers)
|
.setHttpHeaders(headers)
|
||||||
.setUriInfo(session.getContext().getUri())
|
.setUriInfo(session.getContext().getUri())
|
||||||
.setEventBuilder(event);
|
.setEventBuilder(event);
|
||||||
Response response = protocol.sendError(authSession, Error.CONSENT_DENIED);
|
Response response = protocol.sendError(authSession, Error.CONSENT_DENIED, null);
|
||||||
event.error(Errors.REJECTED_BY_USER);
|
event.error(Errors.REJECTED_BY_USER);
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue