diff --git a/synapse/config/saml2_config.py b/synapse/config/saml2_config.py
index 07895c4315..882aa3bb5b 100644
--- a/synapse/config/saml2_config.py
+++ b/synapse/config/saml2_config.py
@@ -15,6 +15,9 @@
# limitations under the License.
import logging
+import os
+
+import pkg_resources
from synapse.python_dependencies import DependencyException, check_requirements
from synapse.util.module_loader import load_module, load_python_module
@@ -27,18 +30,6 @@ DEFAULT_USER_MAPPING_PROVIDER = (
"synapse.handlers.saml_handler.DefaultSamlMappingProvider"
)
-SAML2_ERROR_DEFAULT_HTML = """
-<html>
- <body>
- <p>Oops! Something went wrong</p>
- <p>
- Try logging in again from your Matrix client and if the problem persists
- please contact the server's administrator.
- </p>
- </body>
-</html>
-"""
-
def _dict_merge(merge_dict, into_dict):
"""Do a deep merge of two dicts
@@ -172,12 +163,14 @@ class SAML2Config(Config):
saml2_config.get("saml_session_lifetime", "5m")
)
- if "error_html_path" in config:
- self.saml2_error_html_content = self.read_file(
- config["error_html_path"], "saml2_config.error_html_path",
- )
- else:
- self.saml2_error_html_content = SAML2_ERROR_DEFAULT_HTML
+ error_html_path = config.get("error_html_path")
+ if not error_html_path:
+ template_dir = pkg_resources.resource_filename("synapse", "res/templates")
+ error_html_path = os.path.join(template_dir, "saml_error.html")
+
+ self.saml2_error_html_content = self.read_file(
+ error_html_path, "saml2_config.error_html_path",
+ )
def _default_saml_config_dict(
self, required_attributes: set, optional_attributes: set
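Review bot: The new lookup `config.get("error_html_path")` reads the top-level `config` dict, while the neighbouring option is read with `saml2_config.get("saml_session_lifetime", "5m")` and the name passed to `read_file` is `"saml2_config.error_html_path"`. If the option is meant to be nested under `saml2_config`, a value set there is silently ignored and the packaged template is served instead. The removed code had the same lookup, so this predates the commit, but it is worth confirming here and switching to `saml2_config.get("error_html_path")` if so. With the fallback, a missing packaged `saml_error.html` would also be reported under the operator-facing option name, so a short comment on the fallback branch would help, e.g. `# Fall back to the template shipped with the package`. The enclosing method starts outside this hunk.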
diff --git a/synapse/res/templates/saml_error.html b/synapse/res/templates/saml_error.html
new file mode 100644
index 0000000000..c112ac833f
--- /dev/null
+++ b/synapse/res/templates/saml_error.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>SSO error</title>
+</head>
+<body>
+ <p>Oops! Something went wrong during authentication<span id="errormsg"></span>.</p>
+ <p>
+ If you are seeing this page after clicking a link sent to you via email, make
+ sure you only click the confirmation link once, and that you open the
+ validation link in the same client you're logging in from.
+ </p>
+ <p>
+ Try logging in again from your Matrix client and if the problem persists
+ please contact the server's administrator.
+ </p>
+
+ <script type="text/javascript">
+ // Error handling to support Auth0 errors that we might get through a GET request
+ // to the validation endpoint. If an error is provided, it's either going to be
+ // located in the query string or in a query string-like URI fragment.
+ // We try to locate the error from any of these two locations, but if we can't
+ // we just don't print anything specific.
+ let searchStr = "";
+ if (window.location.search) {
+ // For some reason window.location.searchParams isn't always defined when
+ // window.location.search is, so we can't just use it right away.
+ searchStr = window.location.search;
+ } else if (window.location.hash) {
+ // Replace the # with a ? so that URLSearchParams does the right thing and
+ // doesn't parse the first parameter incorrectly.
+ searchStr = window.location.hash.replace("#", "?");
+ }
+
+ // We might end up with no error in the URL, so we need to check if we have one
+ // to print one.
+ let errorDesc = new URLSearchParams(searchStr).get("error_description")
+ if (errorDesc) {
+ document.getElementById("errormsg").innerHTML = ` ("${errorDesc}")`;
+ }
+ </script>
+</body>
+</html>
\ No newline at end of file
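Review bot: The last statement of the inline script assigns the `error_description` URL parameter to `innerHTML` of `#errormsg`, so the browser parses text taken from the query string or fragment as markup in the homeserver's origin. Whoever builds the link controls that value, which makes this a DOM-based XSS sink on an authentication page. Changing `.innerHTML =` to `.textContent =` on that line keeps the displayed message and removes the HTML parsing. Because administrators can point `error_html_path` at their own copy of this template, the comment above the script should also state that the value is untrusted and must only be written as text. Serving the page with a restrictive Content-Security-Policy would limit the impact of similar mistakes, assuming the handler that renders this template can set response headers.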