<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div id="yui_3_16_0_1_1445871439317_3237" dir="ltr"><span id="yui_3_16_0_1_1445871439317_3254">I agree, but you know... if a single-sign-on server is used inside an enterprise cloud/environment, giving the possibility to handle authentication by a custom UserFederationProvider implementation, the need to have custom, and sometimes more meaningful, messages to send to users could be very frequent, not necessarily bringing in a security leak.</span></div><div id="yui_3_16_0_1_1445871439317_3237" dir="ltr"><span id="yui_3_16_0_1_1445871439317_3606">Thanks</span></div> <br><div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"> <font size="2" face="Arial"> On Monday, 26 October 2015 12:29, Marek Posolda &lt;mposolda@redhat.com&gt; wrote:<br> </font> </div> <br><br> <div class="y_msg_container"><div id="yiv0827877385"><div>
<div class="yiv0827877385moz-cite-prefix">Ah, you want to display custom error
messages on the login screen. It seems you may need to override the
UsernamePasswordForm. Take a look at the Authentication SPI
documentation and examples for how to do it.<br clear="none">
<br clear="none">
Btw, I'm not sure if it's very good to create custom messages based on
errors, as it can give a potential attacker some details about your
users. For example, we always display the "Invalid username or
password" error regardless of whether the tried username exists or not, so the
attacker doesn't have the possibility to "guess" usernames. (Some sites
display "Invalid user" if the username doesn't exist and "Invalid
password" if the user exists but the password is incorrect. We display
a single message in both cases.)<br clear="none">
<br clear="none">
Marek<br clear="none">
<br clear="none">
On 26/10/15 11:32, alex orl wrote:<br clear="none">
</div>
<div class="yiv0827877385yqt6314743998" id="yiv0827877385yqt27979"><blockquote type="cite">
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div dir="ltr" id="yiv0827877385yui_3_16_0_1_1445854604267_4028">Thanks for
your answer. Well, I suddenly tried your suggestion, adding a
throw new ModelException("My message"); inside my provider
class.</div>
<div dir="ltr" id="yiv0827877385yui_3_16_0_1_1445854604267_4140">The
exception is thrown but the login page is redirected to the
standard error page just displaying the message:</div>
<div dir="ltr" id="yiv0827877385yui_3_16_0_1_1445854604267_4232"><br clear="none">
</div>
<div class="yiv0827877385" id="yiv0827877385kc-container">
<div class="yiv0827877385" id="yiv0827877385kc-container-wrapper">
<div class="yiv0827877385" id="yiv0827877385kc-header">
<div class="yiv0827877385" id="yiv0827877385kc-header-wrapper"> We're <strong class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445854604267_4239">sorry</strong>
...
</div>
</div>
<div class="yiv0827877385" id="yiv0827877385kc-feedback-placeholder"> </div>
<div class="yiv0827877385" id="yiv0827877385kc-locale">
<div class="yiv0827877385" id="yiv0827877385kc-locale-wrapper">
<div class="yiv0827877385" id="yiv0827877385kc-locale-dropdown"> <br clear="none">
</div>
</div>
</div>
<div class="yiv0827877385" id="yiv0827877385kc-content">
<div class="yiv0827877385" id="yiv0827877385kc-content-wrapper">
<div class="yiv0827877385" id="yiv0827877385kc-form">
<div class="yiv0827877385" id="yiv0827877385kc-form-wrapper">
<div class="yiv0827877385" id="yiv0827877385kc-error-message">
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445854604267_4251">Unexpected
error when handling authentication request to
identity provider.</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="yiv0827877385yui_3_16_0_1_1445854604267_4029"><br clear="none">
</div>
<div id="yiv0827877385yui_3_16_0_1_1445854604267_4011"><br clear="none">
</div>
<div id="yiv0827877385yui_3_16_0_1_1445854604267_4384">How can I make the "My
Message" exception message be displayed on the login page?</div>
<div id="yiv0827877385yui_3_16_0_1_1445854604267_4518">Thanks<br clear="none">
<span></span></div>
<div id="yiv0827877385yui_3_16_0_1_1445854604267_4383"><span></span></div>
<br clear="none">
<div class="yiv0827877385qtdSeparateBR"><br clear="none">
<br clear="none">
</div>
<div class="yiv0827877385yahoo_quoted" style="display:block;">
<div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;">
<div dir="ltr"> <font face="Arial" size="2"> On Monday, 26
October 2015 8:49, Marek Posolda
<a rel="nofollow" shape="rect" class="yiv0827877385moz-txt-link-rfc2396E" ymailto="mailto:mposolda@redhat.com" target="_blank" href="mailto:mposolda@redhat.com">&lt;mposolda@redhat.com&gt;</a> wrote:<br clear="none">
</font> </div>
<br clear="none">
<br clear="none">
<div class="yiv0827877385y_msg_container">
<div id="yiv0827877385">
<div>
<div class="yiv0827877385moz-cite-prefix">On
24/10/15 23:27, alex orl wrote:<br clear="none">
</div>
<blockquote type="cite">
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2637"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2639" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2641" style="line-height:18.2px;">I'm using
jboss keycloak 1.5 final version.</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2643"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2645" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2647" style="line-height:18.2px;">I developed my
custom user federation provider
interfacing with keycloak properties and
my user enterprise database. </span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2649"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2651" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2653" style="line-height:18.2px;"><br clear="none" class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2655">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2657"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2659" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2661" style="line-height:18.2px;">My need is to
send up to the user, on the login interface, custom
error messages based on particular
specific errors related to my legacy user
db.</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2663"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2665" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2667" style="line-height:18.2px;"><br clear="none" class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2669">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2671"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2673" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2675" style="line-height:18.2px;">I saw that Keycloak
themes have a resources folder by which I
can localize and add new messages. Then I
can reference them by angular js using </span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2677"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2679" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2681" style="line-height:18.2px;"><br clear="none" class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2683">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2685"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2687" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2689" style="line-height:18.2px;"> $myMessage</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2691"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2693" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2695" style="line-height:18.2px;"><br clear="none" class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2697">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2699"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2701" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2703" style="line-height:18.2px;">notation. The
problem is I want to raise a message
from the Keycloak server. My user federation
provider implements the UserFederationProvider
interface. So I should have to override:</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2705"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2707" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2709" style="line-height:18.2px;"><br clear="none" class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2711">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2713"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2715" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2717" style="line-height:18.2px;"> @Override</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2719"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2721" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2723" style="line-height:18.2px;"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2725" style="white-space:pre-wrap;">        </span>public
CredentialValidationOutput
validCredentials(RealmModel realm,
UserCredentialModel credential) {</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2727"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2729" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2731" style="line-height:18.2px;"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2733" style="white-space:pre-wrap;">                </span>LOGGER.info("validCredentials(realm,
credential)");</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2735"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2737" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2739" style="line-height:18.2px;"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2741" style="white-space:pre-wrap;">                </span>return
CredentialValidationOutput.failed();</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2743"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2745" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2747" style="line-height:18.2px;"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2749" style="white-space:pre-wrap;">        </span>}</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2751"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2753" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2755" style="line-height:18.2px;"><br clear="none" class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2757">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2751"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2901" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2900" style="line-height:18.2px;"> </span></font>
<div class="yiv0827877385" dir="ltr" id="yiv0827877385yui_3_16_0_1_1445721568491_2759" style="color:rgb(0, 0, 0);font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;line-height:normal;"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2800" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2799" style="line-height:18.2px;">In the
UserFederationProvider interface I read
that </span></font><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2906" style="line-height:18.2px;color:rgb(51, 51, 51);font-family:Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, 'Segoe UI Emoji', 'Segoe UI Symbol';">validCredentials:</span></div>
<div class="yiv0827877385" dir="ltr" id="yiv0827877385yui_3_16_0_1_1445721568491_2759" style="color:rgb(0, 0, 0);font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;line-height:normal;"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2876" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2875"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2874" style="line-height:18.2px;">Validate
credentials of unknown user. The
authenticated user is recognized based
on provided credentials and returned
back in CredentialValidationOutput</span></span></font></div>
</div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2751"><font class="yiv0827877385" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" style="line-height:18.2px;"><br clear="none">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2759"><font class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2761" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2763" style="line-height:18.2px;">It seems to be
the method I was looking for, just because
CredentialValidationOutput contains custom
messages to be sent as validation output.
The problem is this method is never
called.</span></font></div>
</div>
</blockquote>
<font color="#333333"><font face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol">This
method is called by Keycloak only in
use cases where you want to authenticate with
an unknown user, which is currently during
Kerberos/SPNEGO login. It's not called during
the basic flow with username/password
authentication. <br clear="none">
<br clear="none">
I think if you want to propagate error messages,
you can for example throw ModelException with
the error message you want.</font></font><br clear="none">
<blockquote type="cite">
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2759"><font class="yiv0827877385" face="Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, Segoe UI Emoji, Segoe UI Symbol" color="#333333"><span class="yiv0827877385" style="line-height:18.2px;"><br clear="none">
</span></font></div>
<div class="yiv0827877385" id="yiv0827877385yui_3_16_0_1_1445721568491_2759">The
same happens to the close method. It's never
called at the end of each request, so I cannot
dispose of my objects.</div>
<div class="yiv0827877385" dir="ltr" id="yiv0827877385yui_3_16_0_1_1445721568491_2759"><span style="line-height:18.2px;color:rgb(51, 51, 51);font-family:Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, 'Segoe UI Emoji', 'Segoe UI Symbol';">Why?</span><br clear="none">
</div>
</div>
</blockquote>
Feel free to create a JIRA for the close method.<br clear="none">
<br clear="none">
Marek
<div class="yiv0827877385yqt2250588427" id="yiv0827877385yqtfd44126"><br clear="none">
</div>
<blockquote type="cite">
<div class="yiv0827877385yqt2250588427" id="yiv0827877385yqtfd72864"> </div>
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div class="yiv0827877385yqt2250588427" id="yiv0827877385yqtfd65595">
<div class="yiv0827877385" dir="ltr" id="yiv0827877385yui_3_16_0_1_1445721568491_2759"><span id="yiv0827877385yui_3_16_0_1_1445721568491_2938" style="line-height:18.2px;color:rgb(51, 51, 51);font-family:Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, 'Segoe UI Emoji', 'Segoe UI Symbol';">Thanks a lot</span></div>
</div>
</div>
<br clear="none">
<fieldset class="yiv0827877385mimeAttachmentHeader"></fieldset>
<br clear="none">
<pre>_______________________________________________
keycloak-user mailing list
<a rel="nofollow" shape="rect" class="yiv0827877385moz-txt-link-abbreviated" ymailto="mailto:keycloak-user@lists.jboss.org" target="_blank" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a rel="nofollow" shape="rect" class="yiv0827877385moz-txt-link-freetext" target="_blank" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
<div class="yiv0827877385yqt2250588427" id="yiv0827877385yqtfd81990"> </div>
</blockquote>
<div class="yiv0827877385yqt2250588427" id="yiv0827877385yqtfd17232"> <br clear="none">
</div>
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote></div>
<br clear="none">
</div></div><br><br></div> </div> </div> </div></div></body></html>
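Added example (not part of the original thread, and not Keycloak code): the single-message behaviour Marek describes next to the per-cause messages it replaces, with the specific failure reason kept in a server-side audit log instead of the response. The user records, the "Account locked in legacy DB" message, the reason codes and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid username or password"
ITERATIONS = 50_000  # constructed value for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password, locked=False):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "locked": locked}


# Constructed sample directory standing in for the legacy user database.
USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2", locked=True)}

# Dummy record: an unknown username costs the same hashing work as a known one.
DUMMY = make_user("dummy-password-never-valid")


def login_verbose(username, password):
    """Leaky variant: the response tells the caller which check failed."""
    user = USERS.get(username)
    if user is None:
        return False, "Invalid user"
    if not hmac.compare_digest(user["hash"], hash_password(password, user["salt"])):
        return False, "Invalid password"
    if user["locked"]:
        return False, "Account locked in legacy DB"  # constructed message
    return True, "OK"


def login_uniform(username, password, audit_log):
    """Uniform variant: one user-facing message, the reason goes to the audit log."""
    user = USERS.get(username)
    record = user if user is not None else DUMMY
    password_ok = hmac.compare_digest(
        record["hash"], hash_password(password, record["salt"])
    )
    if user is None:
        reason = "unknown_user"
    elif not password_ok:
        reason = "bad_password"
    elif user["locked"]:
        reason = "account_locked"
    else:
        return True, "OK"
    audit_log.append((username, reason))  # visible to operators, not to the client
    return False, GENERIC_ERROR


def distinguishable_failures(login, probes):
    """Return the set of distinct failure messages a client can observe."""
    return {msg for ok, msg in (login(u, p) for u, p in probes) if not ok}
```

Running `distinguishable_failures` against a login path with a fixed probe list is a quick regression check: more than one distinct failure message means the form reveals which accounts exist.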