Nicer display/auto redirect back to login screen on some errors

By: Shaun Walker named 02 Mar 2021 at 4:19 p.m. CST

19 Responses
Shaun Walker gravatar
Hi Team, We have noticed a number of users complain about some of the error screens. Primarily, I believe due to sitting on a login screen for too long and being sent to an error page on form submission that says "**Failed to authenticate. Authentication session has expired. Please navigate back to the original page and try again.**". In other cases, its simply a redirect to an "oops" page with little to no information, and im unable to determine from the logs when and how this occurs. Is there a simple way for us to send the user back to the login screen with a warning instead to improve UX?
Gluu 4.2.1 Rhel 7.8
closed

Answers

By Vadim Saratovtsev user 02 Mar 2021 at 5:04 p.m. CST

Copy
Vadim Saratovtsev gravatar
Are you looking to keep such warning indefinitely or just delay the time out?

By Shaun Walker named 04 Mar 2021 at 12:13 a.m. CST

Copy
Shaun Walker gravatar
Good question, Showing the warning/error when it occurs would be fine.

By Mohib Zico staff 16 Mar 2021 at 1:37 a.m. CDT

Copy
Mohib Zico gravatar
Hello Gentlemen, My two cents... >> In other cases, its simply a redirect to an "oops" page with little to no information, and im unable to determine from the logs when and how this occurs. There isn't any single code / page which can be modified for "Oops" error. However, we are trying to replace those "Oops" with proper error message. Need your help here... like whenver you/me/he/she get some Oops, let us know how you got it so we can find the exact code and do replacement. Thoughts?

By Shaun Walker named 16 Mar 2021 at 5:20 p.m. CDT

Copy
Shaun Walker gravatar
Thanks Mohib, That sounds like a great idea. Some cases that I have seen it so far that should be easy to replicate and hopefully find: * Sitting on login screen until session data times out, and then try and submit form (I've managed to do this a few times logging into the support forum as well :) * Trying to use the login from inside an iframe on an apple safari device (some reason this triggers 3rd party cookie protection in safari and it falls into a heap) I'll try and add to this list once I get more from the internal teams.

By Mohib Zico staff 28 Mar 2021 at 11:21 p.m. CDT

Copy
Mohib Zico gravatar
Thanks, Shaun.

By Mohib Zico staff 27 Apr 2021 at 4:51 a.m. CDT

Copy
Mohib Zico gravatar
Hi Shaun, Apologies for late response but I believe I am back to this task at last. :-) I have one question if I may: >> Sitting on login screen until session data times out, and then try and submit form (I've managed to do this a few times logging into the support forum as well There are two types of scenarios for this use case. - When user coming from RP / app, and then sitting on login screen. - When Gluu Server admin sitting on login screen before entering into oxTrust ( Gluu Admin panel ). Which case we want to cover first?

By Shaun Walker named 27 Apr 2021 at 5:06 p.m. CDT

Copy
Shaun Walker gravatar
Hi Mohib, "When user coming from RP / app, and then sitting on login screen." Would be the most important scenario for us :) Cheers, Shaun

By Mohib Zico staff 28 Apr 2021 at 12:18 a.m. CDT

Copy
Mohib Zico gravatar
Thanks Shaun. So, [this](https://youtu.be/czeFchI07W8) is the use case we are working on right now? In this example: "pythonrp.gluu.org:20443" is my RP which is going to "test423.gluu.org" for authentication, and I am sitting in oxAuth login page for 3 mins before authentication.

By Shaun Walker named 28 Apr 2021 at 5:26 p.m. CDT

Copy
Shaun Walker gravatar
Not sure that was the right link, I now want to drink Lassi :) An example would be: 1. User loads mobile application that has OAuth workflow 2. User clicks log in 3. User sits on said log in screen, or potential on the subsequent MFA screen and session times out 4. User tries to action requirements on the page 5. User gets "Oops" page which loses any branding we have applied for that OAuth client (templating) with no visible explanation on what the user has done wrong, or how to return back and try again

By Mohib Zico staff 28 Apr 2021 at 11:29 p.m. CDT

Copy
Mohib Zico gravatar
Haha! What a shame! Surely, my computer's cache had that "lassi" video. Sorry. Here is the link again: https://www.youtube.com/watch?v=kyWJC1_bu_k&ab_channel=MohibZico

By Shaun Walker named 04 Sep 2021 at 1:12 a.m. CDT

Copy
Shaun Walker gravatar
Apologies, forgot to reply. But yes. Ideally it would be nice to be able to have a nicer error returned, or the ability for this to be fed into the interception layer so it can be handled before we get to error.html This way we can try and handle it a bit more gracefully

By Mohib Zico staff 04 Sep 2021 at 11:53 p.m. CDT

Copy
Mohib Zico gravatar
Hi Shaun, >> Ideally it would be nice to be able to have a nicer error returned, or the ability for this to be fed into the interception layer so it can be handled before we get to error.html I'll talk to our Dev and will try to collect how we can do that.

By Shaun Walker named 06 Oct 2021 at 8:09 p.m. CDT

Copy
Shaun Walker gravatar
Hi Mohib, Do we have any updates on this? Anything in Gluu 4.3?

By Mohib Zico staff 21 Nov 2021 at 7:35 p.m. CST

Copy
Mohib Zico gravatar
Sorry, Shaun. I don't know how this ticket is falling through the crack again and again! So, I talked to Dev and they asked me something like... "Page is showing error message for lack of session which is true. What else you wanna present to user?" I think my answer will be: "do we have any option where we can tweak various oxAuth error message with some python script or so?" What do you think?

By Shaun Walker named 22 Nov 2021 at 5:43 p.m. CST

Copy
Shaun Walker gravatar
Hi Mohib, I think that covers it. I understand there are a few different scenarios that can trigger the error, so it would be ideal for them to be identifiable somehow, whether each time has a unique flag/status code. Being able to feed that into the python layer and potentially craft templates to use instead, as well as log specifically the exact issue would be very handy and help with reducing user feedback of the system. Cheers, Shaun

By Mohib Zico staff 22 Nov 2021 at 9:06 p.m. CST

Copy
Mohib Zico gravatar
Got it. Let me talk to Dev Lead. Thanks!

By Mohib Zico staff 09 Dec 2021 at 11:51 p.m. CST

Copy
Mohib Zico gravatar
Hello Shaun, I tried something and seems like I was able to modify those error message very easily. Here is what I did: - took `oxauth_en.properties` from `/opt/jetty-9.4/temp/jetty-localhost-8081-oxauth_war-_oxauth-any-11422675859618960134/webapp/WEB-INF/classes/` location. - modified `login.errorSessionInvalidMessage` value. - placed this modified `oxauth_en.properties` in `/opt/gluu/jetty/oxauth/custom/i18n` location. - made sure this file is in `jetty:jetty` permission. - restart `oxauth` service. Result is in screenshot.
Screenshot_from_2021-12-09_23-46-33.png

By Shaun Walker named 15 Dec 2021 at 6:06 p.m. CST

Copy
Shaun Walker gravatar
Thanks Mohib, This looks pretty useful. We'll see what we can do with this :)

By Mohib Zico staff 27 Dec 2021 at 7:27 a.m. CST

Copy
Mohib Zico gravatar
Hi Shaun, Sure. Please reopen the ticket if you have any question or confusion. Thanks!

Post an answer