[JENKINS-50004] No more Ooops error (#50)

* [JENKINS-50004] No more Ooops error
jenkinsci · May 14, 2018 · 1f346bc · 1f346bc
1 parent db01426
commit 1f346bc
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java
@@ -17,12 +17,14 @@
 
 package org.jenkinsci.plugins.saml;
 
+import org.acegisecurity.BadCredentialsException;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.exception.HttpAction;
 import org.pac4j.saml.client.SAML2Client;
 import org.pac4j.saml.credentials.SAML2Credentials;
+import org.pac4j.saml.exceptions.SAMLException;
 import org.pac4j.saml.profile.SAML2Profile;
 
 import java.util.logging.Logger;
@@ -52,14 +54,14 @@ protected SAML2Profile process() {
             final WebContext context = createWebContext();
             credentials = client.getCredentials(context);
             saml2Profile = client.getUserProfile(credentials, context);
-        } catch (HttpAction e) {
-            throw new IllegalStateException(e);
+        } catch (HttpAction|SAMLException e) {
+            //if the SAMLResponse is not valid we send the user again to the IdP
+            throw new BadCredentialsException(e.getMessage(), e);
         }
-
         if (saml2Profile == null) {
             String msg = "Could not find user profile for SAML credentials: " + credentials;
             LOG.severe(msg);
-            throw new IllegalStateException(msg);
+            throw new BadCredentialsException(msg);
         }
 
         LOG.finer(saml2Profile.toString());