[keycloak-user] Differentiate Login Error for Disabled Account (Version 3.4.3 Final)

Jerry Saravia jerry.saravia at virginpulse.com
Thu Aug 30 17:01:28 EDT 2018


Yes. We've done this to some extent. 

Look at the `UsernamePasswordForm`. You can create your own version of that class with its own Factory as well. Make sure to look at the `AbstractUsernameFormAuthenticator` class. Then you can override the `public boolean enabledUser` from the abstract class. In here you can do additional checks for the user and the conditions under which the user was disabled.

You'll probably have to disabledUser method and call setError with your own error string.

Jerry



On 8/30/18, 11:35, "Patrick Bucher" <patrick.bucher at peax.ch> wrote:

    When a disabled user tries to log in, he gets an error 400 Bad Request (error: "invalid_grant", error_description: "Account disabled"). However, in my project, there are multiple reasons for a user to be disabled, which are distinguishable by certain attributes I set to the user.
    
    My goal is to create a Keycloak extension to customize the response based on those attributes, so that a different error message can be shown to the user. Providing a different error_description value would be a solution.
    
    My question is: Is it possible to intercept that error message before it is sent to the client, and if so, what kind of SPI do I need to write to handle that?
    
    I am using Keycloak version 3.4.3 Final.
    
    Regards,
    Patrick Bucher
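
An added example, not part of the original thread and not Keycloak's own code: one way to write the override described in the reply above for the browser login form, assuming the Keycloak 3.4.x signature enabledUser(AuthenticationFlowContext, UserModel). The class name, the disabledReason attribute, its values and the two custom message keys are hypothetical.

```java
package com.example.keycloak; // hypothetical package

import javax.ws.rs.core.Response;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.events.Errors;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;

/** Username/password form that shows a reason-specific message for disabled accounts. */
public class DisabledReasonUsernamePasswordForm extends UsernamePasswordForm {

    // Assumed attribute name; set by whatever process disables the account.
    static final String REASON_ATTRIBUTE = "disabledReason";

    @Override
    public boolean enabledUser(AuthenticationFlowContext context, UserModel user) {
        if (user.isEnabled()) {
            // Enabled accounts keep the stock checks, including brute-force lockout.
            return super.enabledUser(context, user);
        }
        // Record the same event the stock authenticator records for a disabled user.
        context.getEvent().user(user);
        context.getEvent().error(Errors.USER_DISABLED);
        Response challenge = context.form()
                .setError(messageKeyFor(user.getFirstAttribute(REASON_ATTRIBUTE)))
                .createLogin();
        context.forceChallenge(challenge);
        return false;
    }

    // Map the attribute onto a fixed set of message keys and never echo the raw
    // attribute value. Each distinct message discloses account state to whoever
    // reaches this check, so keep the reasons coarse.
    static String messageKeyFor(String reason) {
        if (reason == null) {
            return Messages.ACCOUNT_DISABLED;
        }
        switch (reason) {
            case "payment-overdue": return "accountDisabledPaymentMessage"; // hypothetical key
            case "admin-locked":    return "accountDisabledAdminMessage";   // hypothetical key
            default:                return Messages.ACCOUNT_DISABLED;
        }
    }
}
```

The class still needs its own factory registered as an AuthenticatorFactory, as the reply says, and the custom message keys must exist in the login theme's message bundle.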
    
    
    
    
