It's right for CAS to not be specific about authentication errors by 
default, but I'd like to have the option to show errors in a test CAS 
instance so that customers who are integrating with us can see errors 
without my having to look at the logs. Is there an option for this?

Thanks!

On Tuesday, June 26, 2018 at 9:03:18 AM UTC-5, Chia-Ying Yang wrote:
>
> Actually, it's considered good security practice to not be too specific 
> about authentication errors.  If a hacker is using the login form, you do 
> not want the hacker to be able to tell if the username he is trying is 
> valid or not.  You want to be vague so that the hacker cannot tell whether 
> the username is wrong or the password is wrong.
>
> See: 
> https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Authentication_Responses
>
> David
>
>
>
> On 06/26/2018 09:15 AM, Fernando Gómez wrote:
>
> Hi, I need to know if it is possible to take the original authentication 
> error message and show the correct message.
> Let me explain myself better: I want to know if it can be detected when the 
> email is not written correctly and to make the error: "Wrong email".
> When the password is incorrect: show incorrect password,
> I mean to show the correct message that the service returns when a login 
> error occurs.
> What I have achieved so far is to take in messages.properties
>
> authenticationFailure.AccountNotFoundException = Invalid credentials.
> authenticationFailure.FailedLoginException = Invalid credentials.
>
> but I need to be more specific about the causes for which the error 
> occurred.
>
> I'm waiting
>
> Grateful in advance ...
>
> Fernando
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d7746e-dee8-4295-b1ff-202cb61c07e0%40apereo.org.
>
>
>
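
Added example (not part of the original thread and not CAS code): a small Python check that reads the text of a messages.properties file and reports whether the authenticationFailure.* entries discussed above use different wording for different failure causes, which is what lets someone at the login form tell a wrong username from a wrong password. The sample file contents and the key example.unrelated.key are constructed, and the parser is a simplification of the .properties format.

```python
import re

PREFIX = "authenticationFailure."

# Constructed sample inputs. PRODUCTION repeats the two entries quoted in the
# thread; TEST_INSTANCE is a hypothetical overlay with cause-specific wording.
PRODUCTION = """\
# generic wording for every failure cause
authenticationFailure.AccountNotFoundException = Invalid credentials.
authenticationFailure.FailedLoginException = Invalid credentials.
example.unrelated.key = Username
"""

TEST_INSTANCE = """\
authenticationFailure.AccountNotFoundException = Wrong email.
authenticationFailure.FailedLoginException: Incorrect password.
"""


def failure_messages(text):
    """Return {exception name: message} for authenticationFailure.* keys.

    Simplified .properties parsing: one entry per line, '=' or ':' as the
    separator, '#' and '!' comments; line continuations are not handled.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if match and match.group(1).startswith(PREFIX):
            found[match.group(1)[len(PREFIX):]] = match.group(2).strip()
    return found


def leaks_failure_cause(text):
    """True when two failure causes are shown with different wording."""
    messages = failure_messages(text).values()
    normalized = {" ".join(m.lower().split()) for m in messages}
    return len(normalized) > 1


if __name__ == "__main__":
    for name, sample in (("production", PRODUCTION), ("test", TEST_INSTANCE)):
        verdict = "distinguishes causes" if leaks_failure_cause(sample) else "uniform"
        print(f"{name}: {verdict} {failure_messages(sample)}")
```

Run against the production overlay in a build step, a True result flags wording that would reveal whether the username exists.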
