cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9976) Redirect saml2 failed login message to a configurable URL
Date Mon, 01 Oct 2018 16:42:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634300#comment-16634300
] 

ASF GitHub Bot commented on CLOUDSTACK-9976:
--------------------------------------------

rafaelweingartner commented on a change in pull request #2185: CLOUDSTACK-9976: Redirect saml2
failed login message to a configurable URL
URL: https://github.com/apache/cloudstack/pull/2185#discussion_r221677314
 
 

 ##########
 File path: plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
 ##########
 @@ -329,6 +333,24 @@ public String authenticate(final String command, final Map<String,
Object[]> par
                 params, responseType));
     }
 
+    /**
+     * If it fails to authenticate the user, the method gets the value from configuration
+     * Saml2FailedLoginRedirectUrl; if the user configured an error URL then it redirects
to that
+     * URL, otherwise it throws the ServerApiException
+     */
+    protected void whenFailToAuthenticateThrowExceptionOrRedirectToUrl(final Map<String,
Object[]> params, final String responseType, final HttpServletResponse resp, Issuer issuer,
+            UserAccount userAccount) throws IOException {
+        if (userAccount == null || userAccount.getExternalEntity() == null || !_samlAuthManager.isUserAuthorized(userAccount.getId(),
issuer.getValue())) {
+            String saml2FailedLoginRedirectUrl = (String)getConfigKeys()[0].value();
 
 Review comment:
   What about using `Saml2FailedLoginRedirectUrl.value()` instead of `getConfigKeys()[0].value()`?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Redirect saml2 failed login message to a configurable URL
> ---------------------------------------------------------
>
>                 Key: CLOUDSTACK-9976
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9976
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Gabriel Beims Bräscher
>            Assignee: Gabriel Beims Bräscher
>            Priority: Minor
>             Fix For: 4.10.1.0
>
>         Attachments: samlLoginResponse.png
>
>
> When a user fails to authenticate with SAML2, it returns an error page showing the content
of the attached image.
> To make it more user-friendly and customizable, one could configure a desirable URL to
redirect when such authentication failure happens.
> This ticket proposes a global settings variable (saml2.failed.login.redirect.url). If
null, the SAML2 authentication flow does not change from the current; however, if the user
configures an URL then ACS redirects to that URL.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message