[midPoint-git] [Evolveum/midpoint] e6adc3: Fix authentication failure reporting

mederly noreply at github.com
Tue Apr 4 19:55:25 CEST 2023 

  Branch: refs/heads/master
  Home:   https://github.com/Evolveum/midpoint
  Commit: e6adc3d1b3ad872099b2ab0312c1aabc1e31e94c
      https://github.com/Evolveum/midpoint/commit/e6adc3d1b3ad872099b2ab0312c1aabc1e31e94c
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-04-04 (Tue, 04 Apr 2023)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageSecurityQuestions.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/evaluator/AuthenticationEvaluatorImpl.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/evaluator/FocusIdentificationAuthenticationEvaluatorImpl.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/evaluator/NonceAuthenticationEvaluatorImpl.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/evaluator/PasswordAuthenticationEvaluatorImpl.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/evaluator/SecurityQuestionAuthenticationEvaluatorImpl.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcAuthorizationRequestRedirectFilter.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/AttributeVerificationProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/ClusterProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/FocusIdentificationProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/HintAuthenticationProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/MailNonceProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/MidPointAbstractAuthenticationProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/MidPointLdapAuthenticationProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/OidcClientProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/OidcResourceServerProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/PasswordProvider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/Saml2Provider.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/SecurityQuestionProvider.java
    M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestAbstractAuthenticationEvaluator.java
    M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestSecurityQuestionsAuthenticationEvaluator.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java

  Log Message:
  -----------
  Fix authentication failure reporting

Authentication failures were logged at ERROR and INFO levels even
for normal cases like user entering no password, no answers to
security questions, no username (during password reset), and so on.
All of this is now logged at DEBUG level, except for intra-cluster
authentication and some more exotic cases (OIDC etc - I leave these
for further consideration by Lukas or other experts.)

In particular, some of the exceptions had to be reclassified in order
to achieve their correct logging: "Required assignment target is
missing" and "No authorizations" are no longer of type
InternalAuthenticationServiceException but (IMHO more correctly) of
DisabledException type.

As part of this, the content of 318122e32c68bd674421d59ea3f1929ef44b048c
(MID-8341) is restored again.

Other changes:
 - Some keys for invalid credentials related to security questions
   were fixed, to better reflect the context and/or nature of the
   authentication failure.
 - Fixed error message when "publicHttpUrlPattern" is missing.
 - Default for security question "enabled" property was fixed at one
   place.

Fixes MID-8726 and relates to MID-8341.


  Commit: 3b1f6a6421ac4ecbadf259c4370a91a7895bbdac
      https://github.com/Evolveum/midpoint/commit/3b1f6a6421ac4ecbadf259c4370a91a7895bbdac
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-04-04 (Tue, 04 Apr 2023)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ResourceAttributeRefPanelFactory.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/role/component/wizard/construction/ConstructionOutboundMappingsStepPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/role/component/wizard/construction/ConstructionWizardPanel.java

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/master'


Compare: https://github.com/Evolveum/midpoint/compare/38d9426e7ae0...3b1f6a6421ac

More information about the midPoint-svn mailing list