steffow / meteor-accounts-saml

SAML SP tested with OpenAM

Login failed : error 500 ? #11

Closed DiesIrae closed 6 years ago

DiesIrae commented 7 years ago

Hi,

Thanks for this awesome lib! :-)

When there is no user email corresponding to the SAML connection, an error shows in the server console: Exception while invoking method 'login' { stack: 'Error: Could not find an existing user with supplied email.

The error is pretty explicit, but how can I send it back to the client? On the client side, I have a general 500 error. Is it normal? It seems to me a 403 would have been more logical.

I tried to fidget with Accounts.onLoginFailure(callback). The callback is triggered, but I couldn't figure out how to send an explicit error to the client.

Thanks!

steffow commented 7 years ago

Let me dig into this. Currently not sure if it violates spec (probably not). Meanwhile: there is a new option to dynamically create a user if no matching Meteor user could be found. Simply set "dynamicProfile": true in settings.js

DiesIrae commented 7 years ago

Hi @steffow,

Thanks for the answer and the "dynamicProfile" info, it could be useful for me in the future.

For now I need to throw an error, but it needs to be a meaningful error. Do you know where I can do this on the server?

steffow commented 7 years ago

Would it help if we could make the attribute to look for configurable? So you could, e.g., change that from email to phoneNumber. Or do you generally want to get a better error code if the user cannot be found? I’ll look into the 403 thing, but it requires some spec reading....

DiesIrae commented 7 years ago

Nope, email is perfectly fine. I only need to inform the user that he is well connected, but he does not exist in my environment.

Actually, the HTTP code is a thing, but I only need to recognize the error. I took a look at the code: instead of throwing a JS standard error on line 123, maybe it could throw a Meteor.Error, with meaningful error code & reason?

steffow commented 6 years ago

This is reported in console log. "User not found. Will dynamically create one" - this basically corresponds to Auto Federation and is configurable.
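
Why the client only sees a 500, as an added example that is not code from this thread or from meteor-accounts-saml: Meteor reports any server exception that is not a Meteor.Error to the client as a generic 500 "Internal server error", so only an explicit Meteor.Error carries a code and reason across. `ClientSafeError` (a stand-in for Meteor.Error), `samlLogin`, `invokeForClient`, the code `saml-user-not-found` and the sample user are hypothetical, so the sketch runs without Meteor.

```javascript
// Stand-in for Meteor.Error (hypothetical class so the sketch runs without Meteor).
class ClientSafeError extends Error {
  constructor(error, reason) {
    super(`${reason} [${error}]`);
    this.error = error;    // machine-readable code the client can branch on
    this.reason = reason;  // human-readable text, safe to display
  }
}

// Constructed sample data: the only account known to the application.
const USERS = [{ _id: "u1", emails: [{ address: "alice@example.org" }] }];

// Models the lookup discussed in the issue. `explicit` switches between the
// reported behaviour (plain Error) and the proposed one (client-safe error).
function samlLogin(assertionEmail, explicit) {
  const user = USERS.find(u => u.emails.some(e => e.address === assertionEmail));
  if (user) return { userId: user._id };
  if (explicit) {
    // The reason carries no email address and no stack trace.
    throw new ClientSafeError("saml-user-not-found",
      "No local account is linked to this identity.");
  }
  throw new Error("Could not find an existing user with supplied email.");
}

// Models what the method layer sends to the browser: explicit errors pass
// through, anything else collapses to a generic 500 so internals stay server-side.
function invokeForClient(fn) {
  try {
    return { result: fn() };
  } catch (err) {
    if (err instanceof ClientSafeError) {
      return { error: { error: err.error, reason: err.reason } };
    }
    console.error("Exception while invoking method:", err.message); // server log only
    return { error: { error: 500, reason: "Internal server error" } };
  }
}

console.log(invokeForClient(() => samlLogin("bob@example.org", false)));
console.log(invokeForClient(() => samlLogin("bob@example.org", true)));
console.log(invokeForClient(() => samlLogin("alice@example.org", true)));
```

Keeping the client-visible reason free of the asserted email address and the stack trace preserves what the generic 500 was protecting while still giving the client a code to recognize.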