Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
2.1.1
-
None
-
true
Description
Currently Seraph does not indicate why an authentication attempt failed, at least not from an in-program filter or external script point of view.
So we will add a new LoginReason enum and create an X-Seraph-LoginReason header to explain how the authentication process went.
Like this:
public enum LoginReason
{
    /**
     * The user is not allowed to even attempt a login. They are not allowed to by the {@link
     * com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard}
     */
    AUTHENTICATION_DENIED,
    /**
     * The user could not be authenticated.
     */
    AUTHENTICATED_FAILED,
    /**
     * The user could not be authorised.
     */
    AUTHORISATION_FAILED,
    /**
     * This indicates that the person has in fact logged "out"
     */
    OUT,
    /**
     * The login was OK
     */
    OK;
}
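
An added example (not part of the issue or of Seraph's code) of the "external script" consumer the description mentions: it reads the X-Seraph-LoginReason header from raw HTTP responses and flags clients by login outcome. The header's value format, the failure threshold and the sample responses are assumptions made for illustration.

```python
from collections import Counter

HEADER = "X-Seraph-LoginReason"   # header name from the description above
# Constant names from the enum above. Assumption: the header value is the
# constant name, and several values may be comma-separated or repeated.
REASONS = {"AUTHENTICATION_DENIED", "AUTHENTICATED_FAILED",
           "AUTHORISATION_FAILED", "OUT", "OK"}

def login_reasons(raw_response):
    """Return the recognised LoginReason values in one raw HTTP response."""
    # Only the header block is read, so body text cannot spoof a reason.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    found = []
    for line in head.split("\n")[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER.lower():
            found += [v.strip() for v in value.split(",")]
    return [r for r in found if r in REASONS]    # drop unknown values

def flag_clients(events, max_failures=3):
    """events: (client, raw_response) pairs in time order -> {client: finding}."""
    streak, findings = Counter(), {}
    for client, raw in events:
        for reason in login_reasons(raw):
            if reason == "AUTHENTICATION_DENIED":
                findings[client] = "blocked from attempting login"
            elif reason == "AUTHENTICATED_FAILED":
                streak[client] += 1
                if streak[client] >= max_failures:
                    findings.setdefault(client, "repeated authentication failures")
            elif reason == "OK":
                streak[client] = 0               # a success ends the streak
    return findings

def sample_response(reason, header=HEADER):
    # Constructed response; the status line is a placeholder, and the body
    # repeats the header text to show that it is ignored.
    return f"HTTP/1.1 200 OK\r\n{header}: {reason}\r\n\r\n{HEADER}: OK"

SAMPLE = (   # constructed events using documentation-only addresses
    [("198.51.100.7", sample_response("AUTHENTICATED_FAILED"))] * 3
    + [("198.51.100.7", sample_response("AUTHENTICATION_DENIED")),
       ("203.0.113.20", sample_response("AUTHENTICATED_FAILED")),
       ("203.0.113.20", sample_response("OK", header="x-seraph-loginreason"))]
    + [("192.0.2.44", sample_response("AUTHENTICATED_FAILED"))] * 3
)

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
```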