[SLING-7938] Add an option to prefer sending the reason_code as a request parameter over the reason text when redirecting to the login page - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Form Based Authentication 1.0.10
Fix Version/s: Form Based Authentication 1.0.12
Component/s: Authentication
Labels:
None

Description

Add a config option to the form authentication handler to prefer sending the reason_code as a request parameter instead of the reason text when redirecting to the login page.

Sending the reason code as a request parameter should be safer, especially if your custom login page was echoing the reason text to the screen. The custom login page script can then calculate the reason text to show in the UI by matching the reason codes against the well-known failure reason codes and fallback to some default reason text for anything invalid.

Attachments

Activity

People

Assignee:: Eric Norman

Reporter:: Eric Norman

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Sep/18 22:38

Updated:: 20/Sep/19 11:34

Resolved:: 19/Sep/18 01:07