Yes. We've done this to some extent.
Look at the UsernamePasswordForm. You can create your own version of that class with its
own Factory as well. Make sure to look at the `AbstractUsernameFormAuthenticator` class.
Then you can override the `public boolean enabledUser` from the abstract class. In here
you can do additional checks for the user and the conditions under which it was disabled.
You'll probably have to disabledUser method and call setError with your own error
string.
Jerry
Jerry Saravia
On 8/30/18, 11:35, "Patrick Bucher" <patrick.bucher(a)peax.ch> wrote:
When a disabled user tries to log in, he gets an error 400 Bad Request (error:
"invalid_grant", error_description: "Account disabled"). However, in
my project, there are multiple reasons for a user to be disabled, which are
distinguishable by certain attributes I set to the user.
My goal is to create a Keycloak extension to customize the response based on those
attributes, so that a different error message can be shown to the user. Providing a
different value for error_description would be a solution.
My question is: Is it possible to intercept that error message before it is sent to
the client, and if so, what kind of SPI do I need to write to handle that?
I am using Keycloak version 3.4.3 Final.
Regards,
Patrick Bucher
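
The approach from the reply, sketched for the login form path only. This is an added example, not code from either poster or from the Keycloak project. It assumes the Keycloak 3.4.x server SPI, and the class name, the `disabledReason` attribute, its values, the custom message keys and the provider id are all hypothetical.

```java
import javax.ws.rs.core.Response;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
import org.keycloak.events.Errors;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;

public class DisabledReasonForm extends UsernamePasswordForm {

    // Hypothetical attribute name; the thread does not say which attributes are set.
    static final String REASON_ATTRIBUTE = "disabledReason";

    // Map the attribute to a fixed set of message keys (hypothetical keys that must
    // be defined in the login theme's messages). The raw attribute value is never
    // sent to the browser, and unknown values fall back to the stock message.
    static String messageKeyFor(String reason) {
        if (reason == null) return Messages.ACCOUNT_DISABLED;
        switch (reason) {
            case "unpaid":     return "accountDisabledUnpaidMessage";
            case "unverified": return "accountDisabledUnverifiedMessage";
            default:           return Messages.ACCOUNT_DISABLED;
        }
    }

    @Override
    public boolean enabledUser(AuthenticationFlowContext context, UserModel user) {
        if (user.isEnabled()) {
            // Delegate so any further checks in the stock implementation still run.
            return super.enabledUser(context, user);
        }
        // Keep the audit event the stock authenticator would have recorded.
        context.getEvent().user(user);
        context.getEvent().error(Errors.USER_DISABLED);
        String key = messageKeyFor(user.getFirstAttribute(REASON_ATTRIBUTE));
        Response challenge = context.form().setError(key).createLogin();
        context.forceChallenge(challenge);
        return false;
    }

    // Own factory, so the authenticator can be selected in a copy of the browser flow.
    public static class Factory extends UsernamePasswordFormFactory {
        @Override public Authenticator create(KeycloakSession session) { return new DisabledReasonForm(); }
        @Override public String getId() { return "disabled-reason-username-password-form"; }
        @Override public String getDisplayType() { return "Username Password Form (disabled reason)"; }
    }
}
```

The factory is picked up once its binary class name (`DisabledReasonForm$Factory`) is listed in `META-INF/services/org.keycloak.authentication.AuthenticatorFactory` inside the deployed JAR.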