Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Better msg on unmapped principal attribute (#37805)

When we can't map the principal attribute from the configured SAML
attribute in the realm settings, we can't complete the
authentication. We return an error to the user indicating this and
we present them with a list of attributes we did get from the SAML
response to point out that the expected one was not part of that
list. This list will never contain the NameIDs though as they are
not part of the SAMLAttribute list. So we might have a NameID but
just with a different format.
Ioannis Kakavas 6 years ago
parent
a6abb28abf
commit
265710e658
1 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 3 2
      x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java

+ 3 - 2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java
View File 

@@ -417,8 +417,9 @@ public final class SamlRealm extends Realm implements Releasable {
 
     private void buildUser(SamlAttributes attributes, ActionListener<AuthenticationResult> baseListener) {
 
         final String principal = resolveSingleValueAttribute(attributes, principalAttribute, PRINCIPAL_ATTRIBUTE.name(config));
 
         if (Strings.isNullOrEmpty(principal)) {
 
-            baseListener.onResponse(AuthenticationResult.unsuccessful(
 
-                    principalAttribute + " not found in " + attributes.attributes(), null));
 
+            final String msg =
 
+                principalAttribute + " not found in saml attributes" + attributes.attributes() + " or NameID [" + attributes.name() + "]";
 
+            baseListener.onResponse(AuthenticationResult.unsuccessful(msg, null));
 
             return;
 
         }