Hi,
Here at Instituto Superior Técnico we need to display different error messages for the user based not only on the global authentication process result, but also on the principal resolver result.

This arises from the need to support Portuguese/European National Id Cards and the European eID Interoperability Platform (https://www.eid-stork.eu/), where citizens use their smartcards to perform an X.509-based authentication.

The problem occurs when a user who is not previously registered on our systems (i.e. LDAP) authenticates correctly with his National Id Card, but we can't display a specific error message other than "the authentication failed". We would like to be able to tell the user "your authentication went fine, but we don't have your information registered on our systems" (i.e. the resolver can't find your principal).

We would like to implement this feature (if possible) without changing CAS source code, using only its extension mechanisms, like we do with our custom authentication handlers.

From my analysis, both failed authentication and failed principal resolution return a BadCredentialsAuthenticationException, which doesn't allow us to distinguish between a bad authentication and a missing principal.

@ AuthenticationManagerImpl.java :

    if (foundSupported) {
        if (log.isDebugEnabled()) {
            log.debug("CredentialsToPrincipalResolver found but no principal returned.");
        }

        throw BadCredentialsAuthenticationException.ERROR;
    }

The best solution I can think of (other than doing a principal resolve in an action handler...) is to add a different exception type like PrincipalNotFoundAuthenticationException, and handle it properly in login-webflow.xml, with a transition on-exception.

Is this the best approach, or is there a straightforward solution for this?

Thanks,
Daniel Almeida
System Administrator @ CIIST - Instituto Superior Técnico (Portugal)
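
The control flow proposed in the message above, as an added example that is not part of the original message and not CAS code. The classes are simplified stand-ins that only mirror the names in the message; the message keys, certificate subjects and directory contents are constructed, and Java 9+ is assumed.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Simplified stand-ins, NOT the CAS classes: they only model the flow quoted
// from AuthenticationManagerImpl so the two failure modes can be told apart.
public class PrincipalNotFoundDemo {
    static class AuthenticationException extends Exception {
        final String code; // message key a login view would look up (constructed)
        AuthenticationException(String code) { super(code); this.code = code; }
    }
    static class BadCredentialsAuthenticationException extends AuthenticationException {
        BadCredentialsAuthenticationException() { super("demo.error.bad_credentials"); }
    }
    // The exception type proposed in the message above.
    static class PrincipalNotFoundAuthenticationException extends AuthenticationException {
        PrincipalNotFoundAuthenticationException() { super("demo.error.principal_not_found"); }
    }

    // Constructed sample data: subjects whose certificate validates, and an LDAP stand-in.
    static final Set<String> VALID_CERT_SUBJECTS = Set.of("CN=Alice", "CN=Bob");
    static final Map<String, String> DIRECTORY = Map.of("CN=Alice", "alice");

    static String authenticate(String certSubject) throws AuthenticationException {
        // Step 1: credential validation (the authentication handler's job).
        if (!VALID_CERT_SUBJECTS.contains(certSubject)) {
            throw new BadCredentialsAuthenticationException();
        }
        // Step 2: principal resolution. Reached only after the credentials
        // validated, so the distinct error is only ever returned to a caller
        // who already presented a valid certificate.
        return Optional.ofNullable(DIRECTORY.get(certSubject))
                .orElseThrow(PrincipalNotFoundAuthenticationException::new);
    }

    // Stand-in for an on-exception transition: the outcome is keyed on the exception.
    static String outcome(String certSubject) {
        try {
            return "principal=" + authenticate(certSubject);
        } catch (AuthenticationException e) {
            return e.code;
        }
    }

    public static void main(String[] args) {
        for (String s : new String[] {"CN=Alice", "CN=Bob", "CN=Mallory"}) {
            System.out.println(s + " -> " + outcome(s));
        }
    }
}
```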
