Many rest authentication errors messages that are displayed to the user, come directly from the error message contained in the corresponding RestAuthException that is originally thrown.
These RestAuthExceptions do not extend the L10NMessageImpl class, only the base Exception class.
This means that they can only be in the server locale and this does not always match up with the localization context used in the XUI.
Therefore if the server locale is en but the the UI is another locale you’ll end up with English messages only and a browser - server mismatch.
You cannot leverage multiple locales by setting the locale via the browser for example.
This issue is also further compounded by some of the error messages having hard coded strings added to them, rather than coming from properties files such as amAuth.properties. These also propagate to the end user error message.
Using an Authentication Tree Node
Go to the login page and wait for the authentication session to timeout (5 minutes by default).
Attempt to login and XUI will display an error message "Authentication Error: Authentication timeout."
In this example “Authentication Error- is hard coded string”
Original description for reference:
It appears that XUI is looking for certain message contents within REST responses and performing l10n lookups for the message to be displayed based upon the response.
This came to the fore as a result of r9722, where the decision to return a different error message is based on the response in the error body "User Account Locked". This then creates an error response within the XUI of type "loginFailureLockout" which according to the translation.json files then maps to "This user is not active. Contact your system administrator.".
The largest issue with this approach is that the initial response from OpenAM stating "User Account Locked" should already be a localized error message. This means that in other locales the initial mapping to loginFailureLockout would not be found. OpenAM already maintains and returns i18n messages for authentication, it would be far simpler to delegate the contents of the message to the REST response message. This will save us from maintaining two sets of l10n messages and performing mappings between them in XUI.