Better msg on unmapped principal attribute (#37805)

When we can't map the principal attribute from the configured SAML
attribute in the realm settings, we can't complete the
authentication. We return an error to the user indicating this and
we present them with a list of attributes we did get from the SAML
response to point out that the expected one was not part of that
list. This list will never contain the NameIDs though as they are
not part of the SAMLAttribute list. So we might have a NameID but
just with a different format.
Ioannis Kakavas 2019-01-24 17:05:01 +02:00 committed by GitHub
parent a6abb28abf
commit 265710e658
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions

@ -417,8 +417,9 @@ public final class SamlRealm extends Realm implements Releasable {
private void buildUser(SamlAttributes attributes, ActionListener<AuthenticationResult> baseListener) {
final String principal = resolveSingleValueAttribute(attributes, principalAttribute, PRINCIPAL_ATTRIBUTE.name(config));
if (Strings.isNullOrEmpty(principal)) {
baseListener.onResponse(AuthenticationResult.unsuccessful(
principalAttribute + " not found in " + attributes.attributes(), null));
final String msg =
principalAttribute + " not found in saml attributes" + attributes.attributes() + " or NameID [" + attributes.name() + "]";
baseListener.onResponse(AuthenticationResult.unsuccessful(msg, null));
return;
}
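
Review bot: In the new `msg` string, `" not found in saml attributes" + attributes.attributes()` joins the attribute list directly onto the word "attributes" with no separator, and `attributes.name()` is concatenated without a null check, so a response that carries no NameID would read `NameID [null]`. Suggest adding the missing space (and writing "SAML" in capitals), and handling the absent-NameID case with explicit wording. The commit message says the usual cause is a NameID that is present but in a different format, so the message should state that format if the string form of `attributes.name()` does not already include it. Because this text is returned to the user, it is worth confirming that echoing the NameID value alongside the attribute list is acceptable for your deployments. Only one file changes here, so nothing asserts the new wording; a small test on the unsuccessful result message would keep it from regressing.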