If expected fields are deleted rather than reset to empty, those fields
will not be resubmitted in future requests, resulting in the content of
those requests not accurately representing true client-side login state.
For example, if a user receives an insufficient credentials error due to
their password expiring, failing to provide any new password should
result in at least the following fields:

1. Their original username (part of the initial login attempt)
2. Their original password (part of the initial login attempt)
3. Their new password (empty)

If fields are incorrectly reset to null, those fields will not be
submitted, resulting instead in a request containing only:

1. Their original username (part of the initial login attempt)
2. Their original password (part of the initial login attempt)

which is indistinguishable from a normal login attempt.
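
The difference described above, shown as an added example that is not code from the Guacamole project. The field name `new-password`, the helper names and the sample values are assumptions made for illustration; the only behavior taken from the message is that null fields are not submitted while empty fields are.

```javascript
// Added illustration; field names and helper names are hypothetical.

// Serialize login form values the way the message above describes:
// a field whose value is null/undefined is not submitted at all,
// while a field reset to '' is submitted as an empty parameter.
function serializeLogin(values) {
    const params = new URLSearchParams();
    for (const [name, value] of Object.entries(values)) {
        if (value === null || value === undefined) continue;
        params.append(name, value);
    }
    return params.toString();
}

// Reset the fields the server asked for after a failed attempt.
// resetValue is '' (correct) or null (the faulty reset described above).
function resetExpected(values, expectedNames, resetValue) {
    const next = { ...values };
    for (const name of expectedNames) next[name] = resetValue;
    return next;
}

// Server-side view: did the client send back every field it was prompted for?
function describeRequest(body, expectedNames) {
    const params = new URLSearchParams(body);
    const present = expectedNames.filter((n) => params.has(n));
    return present.length === expectedNames.length
        ? 'response-to-prompt'
        : 'looks-like-initial-login';
}

// Constructed sample state: password expired, server expects "new-password".
const attempt = { username: 'alice', password: 'old-secret', 'new-password': 'typo' };
const expected = ['new-password'];

const good = serializeLogin(resetExpected(attempt, expected, ''));
const bad = serializeLogin(resetExpected(attempt, expected, null));

console.log(good, '->', describeRequest(good, expected));
console.log(bad, '->', describeRequest(bad, expected));
```
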
By definition, a client error is not an internal error, but an
intentional refusal of the server to handle a malformed or otherwise
invalid request. These should not be handled in the same way as server
errors which unexpectedly block processing of a request and should be
corrected by an administrator.
In the case of GUACAMOLE-1152, client errors should not be ignored even
if failures are explicitly configured as tolerated for the associated
authentication provider.
Older versions of the MySQL / MariaDB driver do not support the same level of granular SSL/TLS control, and the legacy "useSSL" parameter cannot be specified without breaking the behavior of "sslMode".
The improvements from commit ed7e7bbb84 were supposed to go to `staging/1.2.0` and then get merged back to `master`, not directly to `master`. The same changes are now being redone against `staging/1.2.0` (to be merged back in again) so that things can be put back in proper sync.
Exception handling within the SAML extension has been updated such that
exceptions generate a Guacamole Error rather than a username/password
login. Tokens now are canonicalized with a standard prefix. Now using
an Iterator to handle SAMLResponseMap cleanup.