diff --git a/broker/kerberos/src/main/java/org/keycloak/broker/kerberos/KerberosIdentityProvider.java b/broker/kerberos/src/main/java/org/keycloak/broker/kerberos/KerberosIdentityProvider.java
index fc7db82..56b30fd 100644
--- a/broker/kerberos/src/main/java/org/keycloak/broker/kerberos/KerberosIdentityProvider.java
+++ b/broker/kerberos/src/main/java/org/keycloak/broker/kerberos/KerberosIdentityProvider.java
@@ -107,9 +107,11 @@ public class KerberosIdentityProvider extends AbstractIdentityProvider<KerberosI
Response response = request.getSession().getProvider(LoginFormsProvider.class)
.setRealm(request.getRealm())
.setUriInfo(request.getUriInfo())
- .setError("errorKerberosLogin")
+ .setClient(request.getClientSession().getClient())
+ .setClientSessionCode(getRelayState(request))
+ .setWarning("errorKerberosLogin")
.setStatus(Response.Status.UNAUTHORIZED)
- .createErrorPage();
+ .createLogin();
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
return AuthenticationResponse.fromResponse(response);
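Review bot: The chain ending in `.createLogin()` now puts the full login form, including the client session code from `getRelayState(request)`, into the body of a 401 response, and nothing in the code says why. A short comment above the chain would help, for example `// No usable Negotiate token: reply 401 + WWW-Authenticate and render the normal login form as the fallback body`. It is also worth confirming that `request.getClientSession()` cannot be null on this path, since the new `.setClient(...)` call dereferences it. The enclosing method starts and ends outside the hunk, so any guard is not visible here.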
diff --git a/events/api/src/main/java/org/keycloak/events/Errors.java b/events/api/src/main/java/org/keycloak/events/Errors.java
index a0f536c..2fa691e 100755
--- a/events/api/src/main/java/org/keycloak/events/Errors.java
+++ b/events/api/src/main/java/org/keycloak/events/Errors.java
@@ -27,6 +27,7 @@ public interface Errors {
String INVALID_SIGNATURE = "invalid_signature";
String INVALID_REGISTRATION = "invalid_registration";
String INVALID_FORM = "invalid_form";
+ String EXPIRED_CODE = "expired_code";
String REGISTRATION_DISABLED = "registration_disabled";
diff --git a/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties b/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties
index 7bec3b1..3819d67 100755
--- a/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties
+++ b/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties
@@ -34,6 +34,7 @@ invalidPassword=Invalid username or password.
invalidEmail=Invalid email address
accountDisabled=Account is disabled, contact admin
accountTemporarilyDisabled=Account is temporarily disabled, contact admin or try again later
+expiredCode=Login timeout or unknown action. Please login again
missingFirstName=Please specify first name
missingLastName=Please specify last name
@@ -97,7 +98,7 @@ actionPasswordWarning=You need to change your password to activate your account.
actionEmailWarning=You need to verify your email address to activate your account.
actionFollow=Please fill in the fields below.
-errorKerberosLogin=Unable to login with Kerberos
+errorKerberosLogin=Unable to login with Kerberos. Request Kerberos ticket or use different login mechanism
successHeader=Success!
errorHeader=Error!
diff --git a/services/src/main/java/org/keycloak/services/messages/Messages.java b/services/src/main/java/org/keycloak/services/messages/Messages.java
index c2eaaaa..0ad0352 100755
--- a/services/src/main/java/org/keycloak/services/messages/Messages.java
+++ b/services/src/main/java/org/keycloak/services/messages/Messages.java
@@ -39,6 +39,8 @@ public class Messages {
public static final String INVALID_USER = "invalidUser";
+ public static final String EXPIRED_CODE = "expiredCode";
+
public static final String READ_ONLY_USER = "readOnlyUser";
public static final String READ_ONLY_PASSWORD = "readOnlyPassword";
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index 1e2bd85..0ed09d0 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -275,8 +275,8 @@ public class LoginActionsService {
ClientSessionModel clientSession = clientCode.getClientSession();
if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE) || clientSession.getUserSession() != null) {
clientCode.setAction(ClientSessionModel.Action.AUTHENTICATE);
- event.client(clientSession.getClient()).error(Errors.INVALID_CODE);
- return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.INVALID_USER)
+ event.client(clientSession.getClient()).error(Errors.EXPIRED_CODE);
+ return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.EXPIRED_CODE)
.setClientSessionCode(clientCode.getCode())
.createLogin();
}
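Review bot: The branch guarded by `!clientCode.isValid(...) || clientSession.getUserSession() != null` now records `Errors.EXPIRED_CODE` for both conditions, so a code already bound to a user session is logged the same way as a plain timeout. In the event log those are different signals, and reuse of a consumed code is worth telling apart from an idle user. Consider keeping the old error for that case: `event.client(clientSession.getClient()).error(clientSession.getUserSession() != null ? Errors.INVALID_CODE : Errors.EXPIRED_CODE);`. The user-facing `Messages.EXPIRED_CODE` text can stay generic. The enclosing method starts outside the hunk.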
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index 3741c30..eb71e08 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -42,6 +42,7 @@ import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
+import org.keycloak.util.Time;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.client.Client;
@@ -276,4 +277,22 @@ public class LoginTest {
events.expectLogin().error("rejected_by_user").user((String) null).session((String) null).removeDetail(Details.USERNAME).removeDetail(Details.CODE_ID).assertEvent();
}
+ // KEYCLOAK-1037
+ @Test
+ public void loginExpiredCode() {
+ try {
+ loginPage.open();
+ Time.setOffset(5000);
+ loginPage.login("login@test.com", "password");
+
+ loginPage.assertCurrent();
+ Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
+
+ events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().assertEvent();
+
+ } finally {
+ Time.setOffset(0);
+ }
+ }
+
}
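Review bot: `Time.setOffset(5000)` in `loginExpiredCode` is a bare number with no stated unit or link to the code lifespan configured for the test realm. If that lifespan is ever raised above the offset, the test stops exercising the expiry path without any obvious cause. A comment such as `// move the clock past the realm's login code lifespan (offset presumably in seconds)` would do, or the offset could be derived from the realm setting. The test also covers only the timeout half of the condition changed in LoginActionsService; no case is added for a code already attached to a user session.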
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
index 4673165..d308c3e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
@@ -164,9 +164,9 @@ public class LoginTotpTest {
loginTotpPage.login(totp.generate("totpSecret"));
loginPage.assertCurrent();
- Assert.assertEquals("Invalid username or password.", loginPage.getError());
+ Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
- AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("invalid_code")
+ AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("expired_code")
.user((String)null)
.clearDetails()
.session((String) null);