FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

Actioned user federating with SAML IDP returns wrong error code #2420

Open jobannon opened 1 year ago

jobannon commented 1 year ago

Actioned user federating with SAML returns wrong error code

Description

  1. If you create a user action that prevents login, and
  2. Attempt to log in via SAML federating to FusionAuth using a user that is actioned,
  3. FusionAuth returns the wrong response (see screenshot).
  4. FusionAuth should indicate that the user was not able to log in due to a user action preventing login instead.

Affects versions

1.47.0

Steps to reproduce

Steps to reproduce the behavior:

  1. Create a user action preventing login. Apply it to a user.
  2. Attempt to log in that user with a SAML IdP.
  3. See that FusionAuth returns an error, but the wrong type.

Expected behavior

Return the correct error type when the user is actioned, even during federation.

Screenshots

Current Error

image

Expected Error

Either a locked message like below:

image

Or ideally,

409

The user is currently in an action that has prevented login. The response will contain the actions that prevented login.

If applicable, add screenshots to help explain your problem.

Platform

Dev Setup

Additional context

Client reported

doglitbug commented 11 months ago

Can we vote on this being resolved?

mooreds commented 9 months ago

@doglitbug yes, please vote this up.

Here's our general roadmap guidance: https://fusionauth.io/docs/operate/roadmap/roadmap