[jira] [Commented] (CLOUDSTACK-9976) Redirect saml2 failed login message to a configurable URL

Mon, 01 Oct 2018 09:42:12 -0700 


    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634300#comment-16634300
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9976:
--------------------------------------------

rafaelweingartner commented on a change in pull request #2185: CLOUDSTACK-9976: 
Redirect saml2 failed login message to a configurable URL
URL: https://github.com/apache/cloudstack/pull/2185#discussion_r221677314
 
 

 ##########
 File path: 
plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
 ##########
 @@ -329,6 +333,24 @@ public String authenticate(final String command, final 
Map<String, Object[]> par
                 params, responseType));
     }
 
+    /**
+     * If it fails to authenticate the user, the method gets the value from 
configuration
+     * Saml2FailedLoginRedirectUrl; if the user configured an error URL then 
it redirects to that
+     * URL, otherwise it throws the ServerApiException
+     */
+    protected void whenFailToAuthenticateThrowExceptionOrRedirectToUrl(final 
Map<String, Object[]> params, final String responseType, final 
HttpServletResponse resp, Issuer issuer,
+            UserAccount userAccount) throws IOException {
+        if (userAccount == null || userAccount.getExternalEntity() == null || 
!_samlAuthManager.isUserAuthorized(userAccount.getId(), issuer.getValue())) {
+            String saml2FailedLoginRedirectUrl = 
(String)getConfigKeys()[0].value();
 
 Review comment:
   What about using `Saml2FailedLoginRedirectUrl.value()` instead of 
`getConfigKeys()[0].value()`?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Redirect saml2 failed login message to a configurable URL
> ---------------------------------------------------------
>
>                 Key: CLOUDSTACK-9976
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9976
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Gabriel Beims Bräscher
>            Assignee: Gabriel Beims Bräscher
>            Priority: Minor
>             Fix For: 4.10.1.0
>
>         Attachments: samlLoginResponse.png
>
>
> When a user fails to authenticate with SAML2, it returns an error page 
> showing the content of the attached image.
> To make it more user-friendly and customizable, one could configure a 
> desirable URL to redirect when such authentication failure happens.
> This ticket proposes a global settings variable 
> (saml2.failed.login.redirect.url). If null, the SAML2 authentication flow 
> does not change from the current; however, if the user configures an URL then 
> ACS redirects to that URL.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to