From: Sander A. <sa....@fz...> - 2020-07-17 06:28:46
Good morning Krzysztof,

we tested the fail Authentication action in the translation profiles to do a lightweight ABAC/authorisation within unity for services that can't do it by themselves.

We encountered some problems/not optimal behaviour in it. The error message is only sent to the service, but not to the users. The services cannot handle such specific error messages and the user gets a very strange error at the service. E.g. the error of Nextcloud is:

"Account not provisioned.
Your account is not provisioned, access to this service is thus not possible."

The user does not really understand why the login fails. From our point of view it would be great if the failed authentication error is shown to the user, maybe with the possibility to login with another account. Do you see a possibility to extend the fail authentication behaviour?

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren district court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Volker Rieke
Management Board: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman), Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt
-----------------------------------------------------------------------
From: Krzysztof B. <kb...@un...> - 2020-07-20 10:26:08
Hi,

On 17.07.2020 at 08:28, Sander Apweiler wrote:
> Good morning Krzysztof,
> we tested the fail Authentication action in the translation profiles to
> do a lightweight ABAC/authorisation within unity for services that can't
> do it by themselves.
> We encountered some problems/not optimal behaviour in it. The error
> message is only sent to the service, but not to the users. The services
> cannot handle such specific error messages and the user gets a very
> strange error at the service. E.g. the error of Nextcloud is:
> "Account not provisioned.
> Your account is not provisioned, access to this service is thus not
> possible."
>
> The user does not really understand why the login fails. From our point
> of view it would be great if the failed authentication error is shown
> to the user, maybe with the possibility to login with another account.
> Do you see a possibility to extend the fail authentication behaviour?

Yes, we can extend this action. Adding a checkbox: "show error internally" + its implementation is easy. However, is it going to be useful? Just to stop the user on the unity error page? Shall we redirect back to the service (so the error, perhaps wrong if the service doesn't implement error handling correctly, will be shown again)? Or redirect to another address (like an article in the help center)?

Best,
KB
From: Sander A. <sa....@fz...> - 2020-07-20 12:34:28
Hi Krzysztof,

we discussed it internally and having the possibility to configure a return/forward URL would be the best in our opinion. We could send the users to a specific page where they get further information or could request access to the service.

Best regards,
Sander
From: Krzysztof B. <kb...@un...> - 2020-08-01 21:54:36
Hi Sander,

On 20.07.2020 at 14:34, Sander Apweiler wrote:
> Hi Krzysztof,
> we discussed it internally and having the possibility to configure a
> return/forward URL would be the best in our opinion. We could send the
> users to a specific page where they get further information or could
> request access to the service.

OK, I've opened a ticket. However this is a bit messy (touches many places: SAML and OAuth flows, handling not in the profile really) so no strong promises that this will fit into the next version.

Cheers,
Krzysztof