Error Codes from LDAP / Microsoft Active Directory authentication
Yusuf Tran
Yusuf.Tran at kaplan.com
Tue May 21 10:25:20 EDT 2013
Thank you so much for the prompt reply Kevin, got it working :)
Incase anyone googles for this in the future
In the login page add
<%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginHandler" %>
<% if (request.getAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY) != null) {
String loginMsg = ((Exception)request.getAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY)).getMessage().trim();
String niceMsg = "";
if(loginMsg.contains("52e")) {
niceMsg = "Invalid username or password";
}
else if(loginMsg.contains("532")) {
niceMsg = "Password has expired";
}
else if(loginMsg.contains("701")) {
niceMsg = "Account has expired";
}
else if(loginMsg.contains("533")) {
niceMsg = "Account is disabled";
}
else if(loginMsg.contains("775")) {
niceMsg = "Account is locked";
}
else {
niceMsg = "An unknown authentication error occured";
}
%>
Replace niceMsg with whatever instructions you want to display
Regards
Yusuf
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Kevin P. Foote
Sent: 21 May 2013 15:10
To: Shib Users
Subject: Re: Error Codes from LDAP / Microsoft Active Directory authentication
On Tue, 21 May 2013, Yusuf Tran wrote:
> The goal is to give students specific directions on the IDP login page based on the error codes.
You can do this by fielding the sub error code that MSAD sends along with the Ldap Error 49
In my IdP I bubble the error code back up to the js level and field it there.. I'm sure you can do it earlier in the servlet or IdP but js was easy to see / do.
Here are some MS sub codes.. that ride along with the Ldap Error 49 when using the vt-ldap module..
(775) account locked
(701) account expired
(532) password expired
(52e) invalid credentials
(533) account disabled
HTH.. let me know if you need more.
------
thanks
kevin.foote
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list