Give the user a better error when they present bad SSO creds

If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO IdP, try to give them a better error. Previously, the UIA would claim to be successful, but then the operation in question would simply fail with "auth fail". Instead, serve up an error page which explains the failure.
author: Richard van der Hoff <richard@matrix.org> 2021-01-12 18:19:42 +0000
committer: Richard van der Hoff <richard@matrix.org> 2021-01-13 20:22:41 +0000
commit: 5310808d3bebd17275355ecd474bc013e8c7462d (patch)
tree: 51df032cf79426b849ef7c06933ed7aa8a8ca108 /synapse/res
parent: Add a test for UI-Auth-via-SSO (#9082) (diff)
download: synapse-5310808d3bebd17275355ecd474bc013e8c7462d.tar.xz
1 files changed, 18 insertions, 0 deletions
diff --git a/synapse/res/templates/sso_auth_bad_user.html b/synapse/res/templates/sso_auth_bad_user.html
new file mode 100644
index 0000000000..3611191bf9
--- /dev/null
+++ b/synapse/res/templates/sso_auth_bad_user.html
@@ -0,0 +1,18 @@
+<html>
+<head>
+    <title>Authentication Failed</title>
+</head>
+    <body>
+        <div>
+            <p>
+                We were unable to validate your <tt>{{server_name | e}}</tt> account via
+                single-sign-on (SSO), because the SSO Identity Provider returned
+                different details than when you logged in.
+            </p>
+            <p>
+                Try the operation again, and ensure that you use the same details on
+                the Identity Provider as when you log into your account.
+            </p>
+        </div>
+    </body>
+</html>
author	Richard van der Hoff <richard@matrix.org>	2021-01-12 18:19:42 +0000
committer	Richard van der Hoff <richard@matrix.org>	2021-01-13 20:22:41 +0000
commit	5310808d3bebd17275355ecd474bc013e8c7462d (patch)
tree	51df032cf79426b849ef7c06933ed7aa8a8ca108 /synapse/res
parent	Add a test for UI-Auth-via-SSO (#9082) (diff)
download	synapse-5310808d3bebd17275355ecd474bc013e8c7462d.tar.xz