LDAP Authn exception help needed.

[O'Dowd, Josh]

Thanks Scott, I can work with that.
-Josh

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Wednesday, August 05, 2015 8:51 AM
To: Shib Users
Subject: Re: LDAP Authn exception help needed.

On 8/5/15, 10:37 AM, "users on behalf of O'Dowd, Josh" <users-bounces at shibboleth.net on behalf of Josh.O'Dowd at mso.umt.edu> wrote:



>You may remember I am customizing our LDAP authn process a little bit 
>to include an intercept.  The intercept appears to be working as expected, when the user credentials are good.  However, if the password is wrong, I am seeing the following  error-page message:
> 
>java.lang.IllegalArgumentException: Cannot find state with id 
>'InvalidPassword' in flow

The code provided uses the event "InvalidCredentials" to deal with a bad password result. Something you did is circumventing that and you haven't provided a transition rule to handle that event. There is no built-in event by that name.

A default transition rule is used to pass control to a state that matches the name of the signaled event, and that's what it's trying to use here and failing.

>I am seeing a similar error for “Cannot find state with id ‘ExpiredPassword’.

That event is routed to an empty/example subflow for handling an expired password because the login flows inherit from flows/authn/conditions/conditions-flow.xml where that transition is defined. That event will "pass-through" that empty subflow and eventually end up back on the login page unless the conditions flow is modified.

Doing anything like what you're doing requires manipulating the conditions flow files to add additional transitions, states, and subflows, or filling in content into the empty subflows predefined for catching a few sample events.

-- Scott

--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net