fix: enhance openid claim missing error (#12608)
The error implies an expected claim is missing even when the claim is present. Added an additional error message to clarify the problem.
parent
5a33d3f05a
commit
dc6958b6a1
@ -343,14 +343,21 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ
|
|||||||
// JWT custom claims.
|
// JWT custom claims.
|
||||||
var policyName string
|
var policyName string
|
||||||
policySet, ok := iampolicy.GetPoliciesFromClaims(m, iamPolicyClaimNameOpenID())
|
policySet, ok := iampolicy.GetPoliciesFromClaims(m, iamPolicyClaimNameOpenID())
|
||||||
|
policies := strings.Join(policySet.ToSlice(), ",")
|
||||||
if ok {
|
if ok {
|
||||||
policyName = globalIAMSys.CurrentPolicies(strings.Join(policySet.ToSlice(), ","))
|
policyName = globalIAMSys.CurrentPolicies(policies)
|
||||||
}
|
}
|
||||||
|
|
||||||
if policyName == "" && globalPolicyOPA == nil {
|
if globalPolicyOPA == nil {
|
||||||
|
if !ok {
|
||||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
|
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
|
||||||
fmt.Errorf("%s claim missing from the JWT token, credentials will not be generated", iamPolicyClaimNameOpenID()))
|
fmt.Errorf("%s claim missing from the JWT token, credentials will not be generated", iamPolicyClaimNameOpenID()))
|
||||||
return
|
return
|
||||||
|
} else if policyName == "" {
|
||||||
|
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
|
||||||
|
fmt.Errorf("None of the given policies (`%s`) are defined, credentials will not be generated", policies))
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
m[iamPolicyClaimNameOpenID()] = policyName
|
m[iamPolicyClaimNameOpenID()] = policyName
|
||||||
|
|
||||||
|
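Review bot: In the new `else if policyName == ""` branch, `policies` is built from the token's policy claim and goes into the STS error text verbatim through `%s`; whether `writeSTSErrorResponse` escapes or logs that text is not visible on this page. Formatting it with `%q` keeps line breaks and control characters in a claim value from reaching the response or a log line unescaped, and lets the backticks go: `fmt.Errorf("none of the given policies (%q) are defined, credentials will not be generated", policies)` (lowercase first word per the Go error-string convention). The join is also now evaluated before the `ok` check, so `policySet.ToSlice()` runs even when the claim is absent; this is presumably harmless if the returned set is empty in that case, but declaring `var policies string` and assigning it inside `if ok` would keep the old behaviour. `AssumeRoleWithSSO` starts and ends outside this hunk, so token validation before this point is assumed rather than shown.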