/**
 * Rejects a SAML login whose mapped account is missing or not authorized for the issuer.
 *
 * <p>The login is rejected when {@code userAccount} is {@code null}, when it has no external
 * entity, or when {@code samlAuthManager.isUserAuthorized} returns {@code false} for the
 * account id and the issuer value. On rejection the method reads
 * {@code saml2FailedLoginRedirectUrl}: a blank value raises a {@link ServerApiException},
 * any other value is sent to the client as a redirect.
 *
 * <p>NOTE(review): the redirect branch returns normally, exactly like the success path, so
 * the return of this method alone does not tell the caller that the account passed the
 * check. The caller is not visible here; confirm that it stops processing (and creates no
 * session) once the redirect has been sent.
 *
 * @param params       request parameters, used only to serialize the API error
 * @param responseType response format, used only to serialize the API error
 * @param resp         servlet response that receives the redirect
 * @param issuer       SAML issuer; its value is passed to the authorization check
 *                     (dereferenced without a null check; presumably non-null, confirm at the caller)
 * @param userAccount  account resolved for the SAML user, may be {@code null}
 * @throws ServerApiException with {@code ApiErrorCode.ACCOUNT_ERROR} when the login is
 *                            rejected and no redirect URL is configured
 * @throws IOException        if sending the redirect fails
 */
protected void whenFailToAuthenticateThrowExceptionOrRedirectToUrl(final Map<String, Object[]> params, final String responseType,
        final HttpServletResponse resp, Issuer issuer, UserAccount userAccount) throws IOException {
    // The null checks stay ahead of the authorization call: && short-circuits, so getId()
    // and issuer.getValue() are never evaluated for a missing account or external entity.
    final boolean authorizedForIssuer = userAccount != null
            && userAccount.getExternalEntity() != null
            && samlAuthManager.isUserAuthorized(userAccount.getId(), issuer.getValue());
    if (authorizedForIssuer) {
        return;
    }

    // The redirect target is read from saml2FailedLoginRedirectUrl, not from the request parameters.
    final String failedLoginRedirectUrl = saml2FailedLoginRedirectUrl.value();
    if (!StringUtils.isBlank(failedLoginRedirectUrl)) {
        resp.sendRedirect(failedLoginRedirectUrl);
        // Falls through to a normal return; see the NOTE(review) in the Javadoc.
        return;
    }

    final String serializedError = apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(),
            "Your authenticated user is not authorized for SAML Single Sign-On, please contact your administrator",
            params, responseType);
    throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, serializedError);
}
|| !nextUserAccount.getAccountState().equals(Account.State.enabled.toString()) || !nextUserAccount.getUsername().equals(currentUserAccount.getUsername()) || !nextUserAccount.getExternalEntity().equals(currentUserAccount.getExternalEntity()) || (nextUserAccount.getDomainId() != domain.getId()) || (nextUserAccount.getSource() != User.Source.SAML2)) { List<UserAccountVO> switchableAccounts = _userAccountDao.getAllUsersByNameAndEntity(currentUserAccount.getUsername(), currentUserAccount.getExternalEntity()); if (switchableAccounts != null && switchableAccounts.size() > 0 && currentUserId != User.UID_SYSTEM) { List<SamlUserAccountResponse> accountResponses = new ArrayList<SamlUserAccountResponse>();