Trapping a Java exception in the authentication flow for V3
Cantor, Scott
cantor.2 at osu.edu
Wed Oct 28 16:14:34 EDT 2015
On 10/28/15, 4:03 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
>When I log into my V3 IDP with a trailing slash on my username (don't' ask why I would do this, ask the user who found the bug), I get the following Java exception displayed a the bottom of the IDP error template page:
>
>java.lang.IllegalArgumentException: Empty nameString not allowed
>
>This is using Kerberos as my password authentication back-end. The error makes sense to me, but it wouldn't make any sense to an end user. Is there some way I can trpa this and map it to a user-friendly error message?
Is it displaying that when it redisplays the login form? Any exception message the login is raising can be mapped in the shibboleth.authn.Password.ClassifiedMessageMap bean in the password login config. Presumably it should be mapped to UnknownUsername, which is the first entry in the default map.
Probably the better option is that you can configure the shibboleth.authn.Password.Transforms bean in that same file to contain a regular expression to strip the slash.
Something like this I think:
<bean parent="shibboleth.Pair" p:first="^(.+)/$" p:second="$1" />
-- Scott
More information about the users
mailing list