I have a requirement to gracefully handle a failed delegated authentication scenario (from multiple providers). A specific example of this is when a SAML IdP returns an AuthnFailed in the (SAML) response.
Based on my memory with 5.2 and 5.1 overlays, I would expect that, if configured correctly, I'd end up on the stopWebflow state when that happens. But if I am reading the 5.3.5 code and my logs correctly, it seems that the DelegatedClientAuthenticationAction is now just throwing an IllegalArgumentException back to the web flow, which results in the generic error page. That's not really what I want to show my users, especially when I need to give them a way back to the login page to try a different authN method and end up at the right service if the other attempt succeeds.
Is there a preferred way to handle an exception like that now? I could just mod the generic error page to have a "go back to CAS login" link (like the stopWebflow error page does), but that's not ideal. Or I could write some custom code to inject an ExceptionHandler into the clientAction state (which I'm not succeeding with at the moment; I can't get my WebflowConfigurer to run after the clientAction state has been created).
Is there a reason why CAS doesn't seem to use the stopWebflow state to handle this any more?
Thanks,
Rich
