Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16074

Custom error message specific to the Module

    Details

      Description

      Custom Auth Failed message in AMAuthHOTP.properties is not displayed when user fails login in HOTP.

      Procedure is described in this KB:

      https://backstage.forgerock.com/knowledge/kb/article/a89677376

       

      Error message from AMAuth.properties is displayed instead of the module specific one.

       

      Here is the Java code for this part of the authentication in HOTP.java:

      if (enteredHOTPCode == null || enteredHOTPCode.length() == 0) {
        if (++attempt >= hotpRetryMaxAttempts) {
          if (debug.messageEnabled()) {
            debug.message("HOTP.process() : " + "invalid HOTP code");
          }
          setFailureID(userName);
          throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
        }
        substituteHeader(state,
        MODULE_NAME + " Attempt " + (attempt + 1) + " of " + hotpRetryMaxAttempts);
        return currentState;
      }
      
      

      I can see the invalid password error message in the logs but the message displayed for the user is " Authentication Failed" no matter what we put in the amAuthHOTP.properties.

       

      This Jira would be to give the option so the admin can customize the error message according to the module the user is in. For instance, if the user failed the LDAP module, display "Invalid username/password combination". If the user failed in the HOTP, display the error message "Invalid OTP" and so on.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              dennis.andrade Dennis Andrade
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: