9:45 a.m.
Hello,
I have created a theme and extended the base login form with an extra
input field.
I've also created a Script Authenticator that checks the value of the
extra field and permits or not the authentication.
My authenticator script runs after the builtin 'Username Password form'
(Browser flow).
Now I would like to do two things when authentication fails because of
my script:
1. Use a custom i18n error message instead of showing one of the
messages of the builtin AuthenticationFlowError. Is there a way to do so?
2. Stay on the login page and show the error message instead of being
sent to a 'We're sorry...' page with a link back to the login form.
For instance the builtin 'Username Password form' stays on the login
form with an error message when authentication fails which is nice and
clean.
Currently I fail the authentication with 'context.clearUser();
context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);'
but I've tried various methods from 'context' without achieving either 1
or 2 of my requirements.
Cheers,
Vagelis
12:49 p.m.
Hello Vagelis,
You can use the following snippet:
function myError(context) {
return context.form()
.setError("My i18n-ed custom message", []).createLogin();
}
function authenticate(context) {
...
if (authShouldFail) {
var challengeResponse = myError(context);
// context.failure(AuthenticationFlowError.INVALID_USER);
context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
challengeResponse);
return;
}
context.success();
}
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2018-12-11 at 17:45 +0200, Vagelis Savvas wrote:
Hello,
I have created a theme and extended the base login form with an extra
input field.
I've also created a Script Authenticator that checks the value of the
extra field and permits or not the authentication.
My authenticator script runs after the builtin 'Username Password form'
(Browser flow).
Now I would like to do two things when authentication fails because of
my script:
1. Use a custom i18n error message instead of showing one of the
messages of the builtin AuthenticationFlowError. Is there a way to do so?
2. Stay on the login page and show the error message instead of being
sent to a 'We're sorry...' page with a link back to the login form.
For instance the builtin 'Username Password form' stays on the login
form with an error message when authentication fails which is nice and
clean.
Currently I fail the authentication with 'context.clearUser();
context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);'
but I've tried various methods from 'context' without achieving either 1
or 2 of my requirements.
Cheers,
Vagelis
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2:04 a.m.
Thank you a lot Dmitry, that did the trick.
I had to add:
context.resetFlow();
when my script fails the authentication because of invalid input on my extra
(but optional) input field.
If I didn't reset the flow then a valid username/password
but invalid input on my extra field would leave the flow
in a state where hitting the refresh browser button
would re-post and would cause the auth to succeed (because of the
valid username/passwords). Hope this sounds clear :-)
Cheers,
Vagelis
On 11/12/2018 20:49, Dmitry Telegin wrote:
Hello Vagelis,
You can use the following snippet:
function myError(context) {
return context.form()
.setError("My i18n-ed custom message", []).createLogin();
}
function authenticate(context) {
...
if (authShouldFail) {
var challengeResponse = myError(context);
// context.failure(AuthenticationFlowError.INVALID_USER);
context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
challengeResponse);
return;
}
context.success();
}
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2018-12-11 at 17:45 +0200, Vagelis Savvas wrote:
> Hello,
> I have created a theme and extended the base login form with an extra
> input field.
> I've also created a Script Authenticator that checks the value of the
> extra field and permits or not the authentication.
> My authenticator script runs after the builtin 'Username Password form'
> (Browser flow).
> Now I would like to do two things when authentication fails because of
> my script:
>
> 1. Use a custom i18n error message instead of showing one of the
> messages of the builtin AuthenticationFlowError. Is there a way to do so?
> 2. Stay on the login page and show the error message instead of being
> sent to a 'We're sorry...' page with a link back to the login form.
> For instance the builtin 'Username Password form' stays on the login
> form with an error message when authentication fails which is nice and
> clean.
> Currently I fail the authentication with 'context.clearUser();
> context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);'
> but I've tried various methods from 'context' without achieving either 1
> or 2 of my requirements.
>
> Cheers,
> Vagelis
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2223
days inactive
2224
days old
2 comments
2 participants
participants (2)
-
Dmitry Telegin -
Vagelis Savvas