From 5ff7fbf971a30bc8e822fe6b3c906272914c8682 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Thu, 10 Aug 2017 21:34:23 -0400 Subject: [PATCH 1/3] GUACAMOLE-355: Catch CAS errors and throw them to Guacamole, and display error message in login dialog. --- .../guacamole/auth/cas/ticket/TicketValidationService.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java index 122059c6d..045b34700 100644 --- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java +++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java @@ -33,6 +33,8 @@ import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleServerException; import org.apache.guacamole.auth.cas.conf.ConfigurationService; import org.apache.guacamole.net.auth.Credentials; +import org.apache.guacamole.net.auth.credentials.CredentialsInfo; +import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException; import org.jasig.cas.client.authentication.AttributePrincipal; import org.jasig.cas.client.validation.Assertion; import org.jasig.cas.client.validation.Cas20ProxyTicketValidator; @@ -109,6 +111,10 @@ public class TicketValidationService { catch (TicketValidationException e) { throw new GuacamoleException("Ticket validation failed.", e); } + catch (Throwable t) { + logger.error("Error validating ticket with CAS server: {}", t.getMessage()); + throw new GuacamoleInsufficientCredentialsException("Error validating ticket with CAS server.", t, CredentialsInfo.USERNAME_PASSWORD); + } } From a45a44fea57f86180ed18ac9fa199e2cc2c1d7b0 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Fri, 18 Aug 2017 21:51:42 -0400 Subject: [PATCH 2/3] GUACAMOLE-355: Make error displayed to user more generic. --- .../guacamole/auth/cas/ticket/TicketValidationService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java index 045b34700..34003a661 100644 --- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java +++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java @@ -113,7 +113,7 @@ public class TicketValidationService { } catch (Throwable t) { logger.error("Error validating ticket with CAS server: {}", t.getMessage()); - throw new GuacamoleInsufficientCredentialsException("Error validating ticket with CAS server.", t, CredentialsInfo.USERNAME_PASSWORD); + throw new GuacamoleInsufficientCredentialsException("CAS login failed.", CredentialsInfo.USERNAME_PASSWORD); } } From 9c57e20a177de62a7825d198118b63df99813a50 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Fri, 27 Oct 2017 14:29:13 -0400 Subject: [PATCH 3/3] GUACAMOLE-355: Switch to Invalid credentials and rely on error being logged. --- .../guacamole/auth/cas/ticket/TicketValidationService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java index 34003a661..bfc3b69fc 100644 --- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java +++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java @@ -34,7 +34,7 @@ import org.apache.guacamole.GuacamoleServerException; import org.apache.guacamole.auth.cas.conf.ConfigurationService; import org.apache.guacamole.net.auth.Credentials; import org.apache.guacamole.net.auth.credentials.CredentialsInfo; -import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException; +import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; import org.jasig.cas.client.authentication.AttributePrincipal; import org.jasig.cas.client.validation.Assertion; import org.jasig.cas.client.validation.Cas20ProxyTicketValidator; @@ -113,7 +113,7 @@ public class TicketValidationService { } catch (Throwable t) { logger.error("Error validating ticket with CAS server: {}", t.getMessage()); - throw new GuacamoleInsufficientCredentialsException("CAS login failed.", CredentialsInfo.USERNAME_PASSWORD); + throw new GuacamoleInvalidCredentialsException("CAS login failed.", CredentialsInfo.USERNAME_PASSWORD); } }