When an authnrequest is canceled, statusMessage should contain a message telling what happened.
#2 Updated by Benjamin Dauvergne almost 4 years ago
In response messages of the SAML protocol there is a part called the Status (an XML element), it contains an unique element the StatusCode which is usually success (see https://www.samltool.com/generic_sso_res.php for an exemple). When the statuscode is not success, it can be accompanied by another element named "StatusMessage" which is a freeform message intended to the user. Currently we do not set such a message when we return a not success error (for example if the user select "cancel" instead of login in).
Points where not succes is returned by authentic must be found (in authentic2/idp/saml2/saml2_endpoints.py) and a statusmessage should be set using a translatable string (lasso expect UTF-8 strings, so the string must be encoded before being set in login.response.status.statusMessage).
#3 Updated by Josué Kouka almost 4 years ago
- File 0001-Status-message-added-when-user-refuse-to-consent-or-.patch View added
- Status changed from Nouveau to En cours
- Patch proposed changed from No to Yes
statusMessage added when user refuses to consent or cancel the login process
#4 Updated by Josué Kouka almost 4 years ago
- Patch proposed changed from Yes to No
- File 0001-7879-adding-translation-to-SAML-response-statusMessa.patch View added
#5 Updated by Benjamin Dauvergne almost 4 years ago
I forgot that
set_saml2_response_responder_status_code did already handle this, good catch.
This line is erroneous:
_('User canceled login process'.decode('utf-8'))
you must encode and not decode, and it must be done after getting the translated string, like this:
Also I would prefer only one patch for these changes (use git rebase), but with one more patch for the translations (do makemessages, then modify
src/authentic2/saml/locale/fr/.../django.po to translate both strings).