diff --git a/gradle.properties b/gradle.properties
index 5625fd142..c99c9dc5d 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -14,6 +14,6 @@
 # limitations under the License.
 #
-version=3.25.0
+version=3.25.1
 groupId=com.nike.cerberus
 artifactId=cms
diff --git a/src/main/java/com/nike/cerberus/auth/connector/okta/OktaAuthConnector.java b/src/main/java/com/nike/cerberus/auth/connector/okta/OktaAuthConnector.java
index 42a0dbbe1..a553dc135 100644
--- a/src/main/java/com/nike/cerberus/auth/connector/okta/OktaAuthConnector.java
+++ b/src/main/java/com/nike/cerberus/auth/connector/okta/OktaAuthConnector.java
@@ -25,6 +25,7 @@
 import com.nike.cerberus.auth.connector.okta.statehandlers.InitialLoginStateHandler;
 import com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler;
 import com.nike.cerberus.error.DefaultApiError;
+import com.okta.authn.sdk.AuthenticationException;
 import com.okta.authn.sdk.FactorValidationException;
 import com.okta.authn.sdk.client.AuthenticationClient;
 import com.okta.authn.sdk.impl.resource.DefaultVerifyPassCodeFactorRequest;
@@ -35,7 +36,9 @@
 import java.util.List;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
 /**
 * Okta version 1 API implementation of the AuthConnector interface.
@@ -66,6 +69,8 @@ public AuthResponse authenticate(String username, String password) {
 try {
 oktaAuthenticationClient.authenticate(username, password.toCharArray(), null, stateHandler);
 return authResponse.get(45, TimeUnit.SECONDS);
+ } catch (ApiException e) {
+ throw e;
 } catch (Exception e) {
 throw ApiException.newBuilder()
 .withExceptionCause(e)
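Review bot: The three imports added to OktaAuthConnector.java (`AuthenticationException` in the first import hunk, `ExecutionException` and `TimeoutException` in the second) are not referenced by any line this commit adds; the new catch clauses name only `ApiException`. Either drop them or add the catch clauses they were presumably meant for, so the file does not carry unused imports.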
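Review bot: The new `catch (ApiException e) { throw e; }` in authenticate only matches an ApiException thrown directly on the calling thread. If any state-handler path instead reports failure through the future (for example via `completeExceptionally`; the handlers are not visible here), `authResponse.get(45, TimeUnit.SECONDS)` raises an ExecutionException and the specific error is still replaced by the generic wrapper in `catch (Exception e)`. Consider a separate `catch (ExecutionException e)` that starts with `if (e.getCause() instanceof ApiException) throw (ApiException) e.getCause();`, and a one-line comment on the rethrow such as `// keep the specific ApiException raised by the state handler`. The same applies to the identical clauses added in triggerChallenge and mfaCheck; all three method bodies continue outside their hunks.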
@@ -86,6 +91,8 @@ public AuthResponse triggerChallenge(String stateToken, String deviceId) {
 try {
 oktaAuthenticationClient.challengeFactor(deviceId, stateToken, stateHandler);
 return authResponse.get(45, TimeUnit.SECONDS);
+ } catch (ApiException e) {
+ throw e;
 } catch (Exception e) {
 throw ApiException.newBuilder()
 .withExceptionCause(e)
@@ -111,6 +118,8 @@ public AuthResponse mfaCheck(String stateToken, String deviceId, String otpToken
 try {
 oktaAuthenticationClient.verifyFactor(deviceId, request, stateHandler);
 return authResponse.get(45, TimeUnit.SECONDS);
+ } catch (ApiException e) {
+ throw e;
 } catch(FactorValidationException e) {
 throw ApiException.newBuilder()
 .withExceptionCause(e)
@@ -145,4 +154,4 @@ public Set getGroups(AuthData authData) {
 return groups;
 }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/com/nike/cerberus/auth/connector/okta/statehandlers/AbstractOktaStateHandler.java b/src/main/java/com/nike/cerberus/auth/connector/okta/statehandlers/AbstractOktaStateHandler.java
index 4a597ad28..6206ca2cd 100644
--- a/src/main/java/com/nike/cerberus/auth/connector/okta/statehandlers/AbstractOktaStateHandler.java
+++ b/src/main/java/com/nike/cerberus/auth/connector/okta/statehandlers/AbstractOktaStateHandler.java
@@ -52,11 +52,11 @@ public abstract class AbstractOktaStateHandler extends AuthenticationStateHandle
 .put("RECOVERY", "Please check for a recovery token to reset your password or unlock your account.")
 .put("RECOVERY_CHALLENGE", "Please verify the factor-specific recovery challenge.")
 .put("PASSWORD_RESET", "Please set a new password.")
- .put("LOCKED_OUT", "Your user account is locked. Self-service or admin unlock is required.")
+ .put("LOCKED_OUT", "Your OKTA user account is locked.")
 .put("MFA_ENROLL_ACTIVATE", "Please activate your factor to complete enrollment.")
 .build();
-// We currently do not support push notifications for Okta MFA verification.
+ // We currently do not support push notifications for Okta MFA verification.
 private static final ImmutableSet UNSUPPORTED_OKTA_MFA_TYPES = ImmutableSet.of(FactorType.PUSH);
 public final AuthenticationClient client;
@@ -186,4 +186,4 @@ public void handleUnknown(AuthenticationResponse typedUnknownResponse) {
 DefaultApiError.AUTH_FAILED.getHttpStatusCode()))
 .build();
 }
-}
\ No newline at end of file
+}
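Review bot: The `LOCKED_OUT` message, if it is returned to the client on the login path, lets an unauthenticated caller tell a locked account from a wrong password, and the ApiException rethrow added to OktaAuthConnector in this commit makes that more likely (inferred; the code that reads this map is outside the hunk). Confirm the disclosure is intended, or return the generic authentication failure to the caller and keep the lockout status in server-side logs. As a smaller point, the new text spells the vendor `OKTA` while the comment a few lines below uses `Okta`, and it drops the unlock hint; `"Your Okta user account is locked."` would at least match the file's own spelling.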