Merge branch 'hotfix/23.2.1'

CenterForOpenScience · Jul 7, 2023 · 32bb4fa · 32bb4fa
2 parents 5ce8e80 + 4a5da49
commit 32bb4fa
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+23.2.1 (07-07-2023)
+===================
+
+* Fix SSO error handling for inactive users
+
 23.2.0 (06-25-2023)
 ===================
 

diff --git a/...n/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java b/...n/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java
@@ -7,6 +7,7 @@
 import com.google.gson.JsonParser;
 
 import io.cos.cas.osf.authentication.credential.OsfPostgresCredential;
+import io.cos.cas.osf.authentication.exception.InstitutionSsoAccountInactiveException;
 import io.cos.cas.osf.authentication.exception.InstitutionSsoAttributeMissingException;
 import io.cos.cas.osf.authentication.exception.InstitutionSsoAttributeParsingException;
 import io.cos.cas.osf.authentication.exception.InstitutionSsoDuplicateIdentityException;
@@ -788,7 +789,7 @@ private OsfApiInstitutionAuthenticationResult notifyOsfApiOfInstnAuthnSuccess(
                 }
                 if (OsfApiPermissionDenied.INSTITUTION_SSO_ACCOUNT_INACTIVE.getId().equals(errorDetail)) {
                     LOGGER.error("[OSF API] Failure - Inactive Account: {}", ssoUser);
-                    throw new InstitutionSsoDuplicateIdentityException("OSF API denies inactive account");
+                    throw new InstitutionSsoAccountInactiveException("OSF API denies inactive account");
                 }
             }
             // Handle unidentified HTTP 403 FORBIDDEN failures