diff options
author | Petr Vobornik <pvoborni@redhat.com> | 2012-11-14 09:35:03 +0100 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2012-12-06 17:02:03 +0100 |
commit | 8d892f442f27026ac7195f6d9720b6da046ff477 (patch) | |
tree | 31992b4581895b358aa0b2689d7496f7c4b31255 /install/ui/login.js | |
parent | e05a720b12ae9bf8a39fa3103bdd61dc065dface (diff) | |
download | freeipa-8d892f442f27026ac7195f6d9720b6da046ff477.tar.gz freeipa-8d892f442f27026ac7195f6d9720b6da046ff477.tar.xz freeipa-8d892f442f27026ac7195f6d9720b6da046ff477.zip |
Better error message for login of users from other realms
When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), he gets an unauthorized error with X-Ipa-Rejection-Reason=denied. Web UI responds with showing login dialog with following error message: 'Sorry you
are not allowed to access this service.'.
Note: such users are not supported because they don't have a corresponding entry in LDAP which is needed for ACLs.
https://fedorahosted.org/freeipa/ticket/3252
denied change
Diffstat (limited to 'install/ui/login.js')
-rw-r--r-- | install/ui/login.js | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/install/ui/login.js b/install/ui/login.js index cd4e72d95..1fce8ecc5 100644 --- a/install/ui/login.js +++ b/install/ui/login.js @@ -35,8 +35,8 @@ LP.login = function(username, password) { //change result from invalid only if we have a header which we //understand - if (reason === 'password-expired') { - result = 'expired'; + if (reason === 'password-expired' || reason === 'denied') { + result = reason; } } } @@ -70,12 +70,14 @@ LP.on_submit = function() { var result = LP.login(username, password); + $('.error-box').hide(); + if (result === 'invalid') { - $('#expired').css('display', 'none'); - $('#invalid').css('display', 'block'); - } else if (result === 'expired') { - $('#invalid').css('display', 'none'); - $('#expired').css('display', 'block'); + $('#invalid').show(); + } else if (result === 'password-expired') { + $('#expired').show(); + } else if(result === 'denied') { + $('#denied').show(); } else { window.location = '/ipa/ui'; } |