keycloak-scim/securing_apps/topics/saml/java/error_handling.adoc
2017-08-28 20:10:09 +02:00

42 lines
1.2 KiB
Text

==== Error Handling
{project_name} has some error handling facilities for servlet based client adapters.
When an error is encountered in authentication, the client adapter will call `HttpServletResponse.sendError()`.
You can set up an `error-page` within your `web.xml` file to handle the error however you want.
The client adapter can throw 400, 401, 403, and 500 errors.
[source,xml]
----
<error-page>
<error-code>403</error-code>
<location>/ErrorHandler</location>
</error-page>
----
The client adapter also sets an `HttpServletRequest` attribute that you can retrieve.
The attribute name is `org.keycloak.adapters.spi.AuthenticationError`.
Typecast this object to: `org.keycloak.adapters.saml.SamlAuthenticationError`.
This class can tell you exactly what happened.
If this attribute is not set, then the adapter was not responsible for the error code.
[source,javascript]
----
public class SamlAuthenticationError implements AuthenticationError {
public static enum Reason {
EXTRACTION_FAILURE,
INVALID_SIGNATURE,
ERROR_STATUS
}
public Reason getReason() {
return reason;
}
public StatusResponseType getStatus() {
return status;
}
}
----