Use specific error message from required actions for SamlProtocol if available
Closes #34514 Signed-off-by: vramik <vramik@redhat.com>
This commit is contained in:
vramik
Pedro Igor
parent
36b01cbea0
commit
d853dcab7d
9 changed files with 11 additions and 20 deletions
|
|
@ -84,11 +84,7 @@ public interface LoginProtocol extends Provider {
|
|||
|
||||
Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx);
|
||||
|
||||
Response sendError(AuthenticationSessionModel authSession, Error error);
|
||||
|
||||
default Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage) {
|
||||
return sendError(authSession, error);
|
||||
}
|
||||
Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage);
|
||||
|
||||
/**
|
||||
* Returns client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests. The purpose of clientData is to be able to send HTTP error
|
||||
|
|
|
|||
|
|
@ -648,7 +648,7 @@ public class AuthenticationProcessor {
|
|||
.setHttpHeaders(getHttpRequest().getHttpHeaders())
|
||||
.setUriInfo(getUriInfo())
|
||||
.setEventBuilder(event);
|
||||
Response response = protocol.sendError(getAuthenticationSession(), Error.CANCELLED_BY_USER);
|
||||
Response response = protocol.sendError(getAuthenticationSession(), Error.CANCELLED_BY_USER, null);
|
||||
forceChallenge(response);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -124,14 +124,14 @@ public abstract class AuthorizationEndpointBase {
|
|||
return challenge;
|
||||
}
|
||||
else {
|
||||
return protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED);
|
||||
return protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED, null);
|
||||
}
|
||||
}
|
||||
|
||||
AuthenticationManager.setClientScopesInSession(session, authSession);
|
||||
|
||||
if (processor.nextRequiredAction() != null) {
|
||||
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
|
||||
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED, null);
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ public class DockerAuthV2Protocol implements LoginProtocol {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Response sendError(final AuthenticationSessionModel clientSession, final LoginProtocol.Error error) {
|
||||
public Response sendError(final AuthenticationSessionModel clientSession, final LoginProtocol.Error error, String errorMessage) {
|
||||
return new ResponseBuilderImpl().status(Response.Status.INTERNAL_SERVER_ERROR).build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -340,11 +340,6 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
|||
return Boolean.valueOf(Optional.ofNullable(client.getAttribute(OIDCConfigAttributes.ID_TOKEN_AS_DETACHED_SIGNATURE)).orElse(Boolean.FALSE.toString())).booleanValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response sendError(AuthenticationSessionModel authSession, Error error) {
|
||||
return sendError(authSession, error, null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage) {
|
||||
if (isOAuth2DeviceVerificationFlow(authSession)) {
|
||||
|
|
|
|||
|
|
@ -219,7 +219,7 @@ public class SamlProtocol implements LoginProtocol {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Response sendError(AuthenticationSessionModel authSession, Error error) {
|
||||
public Response sendError(AuthenticationSessionModel authSession, Error error, String errorMessage) {
|
||||
try {
|
||||
ClientModel client = authSession.getClient();
|
||||
|
||||
|
|
@ -233,7 +233,7 @@ public class SamlProtocol implements LoginProtocol {
|
|||
URI redirect = builder.buildFromMap(params);
|
||||
return Response.status(302).location(redirect).build();
|
||||
} else {
|
||||
return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, translateErrorToIdpInitiatedErrorMessage(error));
|
||||
return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, errorMessage != null ? errorMessage : translateErrorToIdpInitiatedErrorMessage(error));
|
||||
}
|
||||
} else {
|
||||
return samlErrorMessage(
|
||||
|
|
|
|||
|
|
@ -1311,7 +1311,7 @@ public class AuthenticationManager {
|
|||
.setHttpHeaders(context.getHttpRequest().getHttpHeaders())
|
||||
.setUriInfo(context.getUriInfo())
|
||||
.setEventBuilder(event);
|
||||
Response response = protocol.sendError(context.getAuthenticationSession(), Error.CONSENT_DENIED);
|
||||
Response response = protocol.sendError(context.getAuthenticationSession(), Error.CONSENT_DENIED, null);
|
||||
event.error(Errors.REJECTED_BY_USER);
|
||||
return response;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1207,7 +1207,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
|||
.setHttpHeaders(headers)
|
||||
.setUriInfo(session.getContext().getUri())
|
||||
.setEventBuilder(event);
|
||||
return protocol.sendError(authSession, error);
|
||||
return protocol.sendError(authSession, error, null);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -925,7 +925,7 @@ public class LoginActionsService {
|
|||
.setHttpHeaders(headers)
|
||||
.setUriInfo(session.getContext().getUri())
|
||||
.setEventBuilder(event);
|
||||
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
|
||||
return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED, null);
|
||||
}
|
||||
}
|
||||
return challenge;
|
||||
|
|
@ -1014,7 +1014,7 @@ public class LoginActionsService {
|
|||
.setHttpHeaders(headers)
|
||||
.setUriInfo(session.getContext().getUri())
|
||||
.setEventBuilder(event);
|
||||
Response response = protocol.sendError(authSession, Error.CONSENT_DENIED);
|
||||
Response response = protocol.sendError(authSession, Error.CONSENT_DENIED, null);
|
||||
event.error(Errors.REJECTED_BY_USER);
|
||||
return response;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue