Issue #157: Better logging if supported NameID not authenticated - ipsilon

ipsilon

#157 Better logging if supported NameID not authenticated

Closed: Fixed None Opened 9 years ago by rcritten.

Configure an SP for the Kerberos NameID and configure the IdP to support GSSAPI and form (--ipa yes --form yes for example) and ensure that Kerberos is allowed for the SP.

Now log in without a Kerberos ticket. The GSSAPI auth will fail and fall back to form.

You'll always be denied access.

The only server-side logging is a DEBUG level message:

Unavailable Name ID type [urn:oasis:names:tc:SAML:2.0:status:AuthnFailed]

Which isn't all that useful.

It should say something that the proper NameID was not satisfied, regardless of proper authentication.

nkinder commented 9 years ago

Fields changed

milestone: => 1.1

rcritten commented 9 years ago

Fields changed

owner: => rcritten
status: new => accepted

rcritten commented 9 years ago

https://pagure.io/ipsilon/pull-request/21

patch_available: 0 => 1

nkinder commented 9 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1256520

rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1256520 1256520]

rcritten commented 9 years ago

master: ea3a3c6

resolution: => fixed
status: accepted => closed

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.1

8 years ago

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

Major

Milestone

1.1

rhbz

[https://bugzilla.redhat.com/show_bug.cgi?id=1256520 1256520]

design_link

None

type

defect

component

framework

version

None

sensitive

patch_available

ipsilon

Source Code

#157 Better logging if supported NameID not authenticated Closed: Fixed None Opened 9 years ago by rcritten.

Metadata

#157 Better logging if supported NameID not authenticated

Closed: Fixed None Opened 9 years ago by rcritten.