Proper way to handle an invalid login attempt on custom module


Adam Bodnar

May 18, 2015, 5:51:03 PM
to simple...@googlegroups.com

I've written my custom authentication module by following the examples in the documentation. I have it working, but I've noticed that if a user enters their password incorrectly they are redirected to the error.php that is in the /templates/error.php. However, this does not allow the user to attempt to log back in unless they hit the back button which is not a great experience. And on top of it, the AuthState parameter is lost once you go to the error page.

So I wanted to see what is the recommended way to handle this? Should my code throw an exception when the user doesn't authenticate? Is there a way to get back to the loginuserpass.php page and not lose the AuthState parameter?

Thanks.

Adam Bodnar

May 26, 2015, 12:25:45 PM
to simple...@googlegroups.com
Anyone have any suggestions or thoughts?

Peter Schober

May 26, 2015, 2:06:45 PM
to simple...@googlegroups.com
* Adam Bodnar <ambo...@gmail.com> [2015-05-18 23:51]:
> I've written my custom authentication module by following the examples in
> the documentation. I have it working, but I've noticed that if a user
> enters their password incorrectly they are redirected to the error.php that
> is in the /templates/error.php.

That's not what I see with my own module, or with others, e.g.:
https://openidp.feide.no/simplesaml/module.php/metaedit/index.php
No matter what you enter there, you'll stay at core/loginuserpass.php
-peter

Adam Bodnar

May 26, 2015, 3:32:13 PM
to simple...@googlegroups.com, peter....@univie.ac.at

Hrm, I must be doing something wrong, cause while I am coming to loginuserpass.php, I am getting this message and not getting the form to try to login again.

In my Authentication module's login method, I do my logic and if the user does not authenticate then I throw an exception.

throw new Exception('Unable to login in user');

I traced the code and found that in lib/SimpleSAML/Error/Error.php it does the following logic:

$show_function = $config->getArray('errors.show_function', NULL);
if (isset($show_function)) {
    assert('is_callable($show_function)');
    call_user_func($show_function, $config, $data);
    assert('FALSE');
} else {
    $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
    $t->data = array_merge($t->data, $data);
    $t->show();
}

When you look at error.php, you see it would display the error message above.

Is there a config setting I've got wrong or do I need to not throw an exception?

Peter Schober

May 26, 2015, 4:52:40 PM
to simple...@googlegroups.com
* Adam Bodnar <ambo...@gmail.com> [2015-05-26 21:32]:
> In my Authentication module's login method, I do my logic and if the user
> does not authenticate then I throw an exception.
>
> throw new Exception('Unable to login in user');

Doing that (and not catching the exception anywhere) of course
explains your "unhandled exception" error from the screenshot (the
text content of which you could have just copied into your email).

That's also not what the documentation says you would do:
https://simplesamlphp.org/docs/stable/simplesamlphp-authsource#section_2
What it says is this:

If the username or password is incorrect, it should throw an error
saying so: throw new SimpleSAML_Error_Error('WRONGUSERPASS');

So do that (literally) instead of throwing a generic Exception.

Only if you're very serious about your exceptions would you consider
providing your own handler for that, cf. the
https://github.com/GEANT/selfregister module.
-peter
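
The distinction Peter describes, as an added example that is not from the thread or the SimpleSAMLphp documentation: the login page catches SimpleSAML_Error_Error and redisplays the form with the error, while any other exception ends up on the generic error page. The module name `mymodule`, the class name and `verifyAgainstBackend()` are hypothetical, the one-user store is constructed, and the file is meant to run inside a SimpleSAMLphp installation.

```php
<?php
// Added example. Class names follow the 2015-era API quoted above; in 1.19 the
// namespaced equivalents are \SimpleSAML\Module\core\Auth\UserPassBase and
// \SimpleSAML\Error\Error.
class sspmod_mymodule_Auth_Source_MyAuth extends sspmod_core_Auth_UserPassBase
{
    protected function login($username, $password)
    {
        try {
            $attributes = $this->verifyAgainstBackend($username, $password);
        } catch (Exception $e) {
            // Backend failure is not a credential problem: log the detail
            // server-side and let it surface as an error page.
            SimpleSAML_Logger::error('MyAuth: backend failure: ' . $e->getMessage());
            throw new SimpleSAML_Error_Exception('Authentication backend unavailable.');
        }

        if ($attributes === NULL) {
            // One error for both unknown user and wrong password, so the
            // login form does not reveal which usernames exist.
            SimpleSAML_Logger::warning('MyAuth: failed login for ' . var_export($username, TRUE));
            throw new SimpleSAML_Error_Error('WRONGUSERPASS');
        }

        return $attributes;
    }

    // Hypothetical helper: returns attributes on success, NULL on bad credentials.
    private function verifyAgainstBackend($username, $password)
    {
        // Constructed one-user store; a real module would query its directory or database.
        $users = array('alice' => password_hash('example-password', PASSWORD_DEFAULT));
        if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
            return NULL;
        }
        return array('uid' => array($username));
    }
}
```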

Adam Bodnar

May 26, 2015, 5:17:12 PM
to simple...@googlegroups.com, peter....@univie.ac.at
Ugh, can't believe I missed that. That works.

Thanks, Peter.

Md Mesbah Uddin Waheed

Aug 23, 2022, 1:16:11 PM
to SimpleSAMLphp
Hello folks,
I am unable to implement a custom authentication module. I followed the documentation and did exactly what they said.
Simplesamlphp customauth 1.19

Can you please help me out? Thanks in advance.
missing and invalid password.png

pat...@cirrusidentity.com

Aug 23, 2022, 2:15:47 PM
to SimpleSAMLphp
Did you look at the stack trace and the error message? It tells you the line number in your code where the exception is from.

- Patrick

Tim van Dijen

Aug 24, 2022, 2:45:33 AM
to SimpleSAMLphp
You have probably missed the step where you have to update the authsource-configuration:

- Tim

On Tuesday, August 23, 2022 at 20:15:47 UTC+2, pat...@cirrusidentity.com wrote:

Md Mesbah Uddin Waheed

Aug 24, 2022, 8:51:12 AM
to SimpleSAMLphp
I wrote the code exactly as it is coded in the documentation. I want to be sure that my custom authentication module is working. Because my main objective is to connect simplesamlphp with Hyperledger Fabric. That's why I need to create a custom auth.  I followed every instruction and wrote every single line of code of that documentation. I am sharing my code with you guys.
fabricAuth.php
authsources.php

Tim van Dijen

Aug 24, 2022, 9:07:51 AM
to SimpleSAMLphp
Have you configured `metadata/saml20-idp-hosted.php' to point to your custom authsource?

- Tim
On Wednesday, August 24, 2022 at 14:51:12 UTC+2, mesbah....@gmail.com wrote:

Md Mesbah Uddin Waheed

Aug 24, 2022, 9:12:09 AM
to SimpleSAMLphp
Yes, I configured it. I changed it from 'auth'='example-userpass' to 'auth'='myauthinstance'
saml20-idp-hosted.php

Patrick Radtke

Aug 24, 2022, 9:15:54 AM
to simple...@googlegroups.com
In your code you spelt password with two ‘w’ “passwword”



--
Patrick Radtke
CTO
Cirrus Identity

Tim van Dijen

Aug 24, 2022, 9:16:52 AM
to SimpleSAMLphp
Nice catch Patrick!

On Wednesday, August 24, 2022 at 15:15:54 UTC+2, pat...@cirrusidentity.com wrote:

Md Mesbah Uddin Waheed

Aug 24, 2022, 9:30:47 AM
to SimpleSAMLphp
Thanks Patrick!!! and also thanks tvd!!!

Md Mesbah Uddin Waheed

Aug 24, 2022, 11:35:42 AM
to SimpleSAMLphp
sorry for troubling you again. I am trying to query uid and password from the database. After I've tried many things that I have found on Google and here on StackOverflow, I can't solve my problem. So I decided to ask the community.
invalid parameter number.png
Can you explain to me where's the fault?

Thanks in advance.
fabricAuth.php

Tim van Dijen

Aug 25, 2022, 3:31:12 AM
to SimpleSAMLphp
Your SQL query is broken.. You are using two placeholders but only pass the uid when executing.

- Tim

On Wednesday, August 24, 2022 at 17:35:42 UTC+2, mesbah....@gmail.com wrote:

Tim van Dijen

Aug 25, 2022, 3:49:28 AM
to SimpleSAMLphp
Let me rephrase that..  The query is correct, you just need to pass the password when calling the execute-method.

On Thursday, August 25, 2022 at 09:31:12 UTC+2, Tim van Dijen wrote:
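
A database check shaped so that every placeholder has exactly one bound value, as an added example that goes beyond the fix in the thread and is not the poster's code: it looks the row up by uid alone and verifies the password in PHP. It assumes passwords are stored as password_hash() output; the table, columns and sample user are constructed, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example. Table layout, column names and the sample user are constructed.
function openDemoDb()
{
    $db = new PDO('sqlite::memory:');
    // Make PDO throw on SQL errors instead of failing silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (uid TEXT PRIMARY KEY, password_hash TEXT NOT NULL, cn TEXT)');
    $ins = $db->prepare('INSERT INTO users (uid, password_hash, cn) VALUES (:uid, :hash, :cn)');
    // Three placeholders in the statement, three keys in the array.
    $ins->execute([
        ':uid'  => 'alice',
        ':hash' => password_hash('example-password', PASSWORD_DEFAULT),
        ':cn'   => 'Alice Example',
    ]);
    return $db;
}

// Returns the attribute array on success, NULL for unknown user or wrong password.
// Inside a 1.19 auth source's login(), a NULL result would become
// throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
function checkCredentials(PDO $db, $uid, $password)
{
    // One placeholder, one bound value: the password never enters the SQL.
    $st = $db->prepare('SELECT uid, password_hash, cn FROM users WHERE uid = :uid');
    $st->execute([':uid' => $uid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return NULL;
    }
    return ['uid' => [$row['uid']], 'cn' => [$row['cn']]];
}

$db = openDemoDb();
var_dump(checkCredentials($db, 'alice', 'example-password')); // valid login
var_dump(checkCredentials($db, 'alice', 'wrong-password'));   // wrong password
var_dump(checkCredentials($db, 'mallory', 'example-password')); // unknown user
```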

Md Mesbah Uddin Waheed

Aug 25, 2022, 10:07:21 AM
to SimpleSAMLphp
Thank you, Tim it works!