IBM Verify

  • 1.  Error message from mapping rule

    Posted Thu November 14, 2019 03:50 PM
    Hello,

    I am trying to return a custom error description and error. To achieve this, I added the 2 lines below to my mapping rule, and in the JSON response body I get them, which is expected; however, the status code returned is HTTP 200. Is there any way to override that response status code to something else, e.g. 400, in the mapping rule?

    stsuu.addContextAttribute(new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("error_description", "urn:ibm:names:ITFIM:oauth:response:attribute", "201.2"));
    stsuu.addContextAttribute(new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("error", "urn:ibm:names:ITFIM:oauth:response:attribute", "Unauthorized_client"));

    Note: I tried using OAuthMappingExtUtils.throwSTSAccessDeniedMessageException("Unauthorized_client"); as well; however, in this case the response body I get is the following and the HTTP status code is 401:

    {
    "error_description": "Unauthorized_client",
    "error": "access_denied"
    }



    ------------------------------
    Niranjan Govardhan
    ------------------------------


  • 2.  RE: Error message from mapping rule

    Posted Fri November 15, 2019 10:16 AM
    Niranjan, have you tried using the generic exception method?

    throw new Exception({your custom message});



    ------------------------------
    Joe Dennis
    ------------------------------



  • 3.  RE: Error message from mapping rule

    Posted Fri November 15, 2019 11:29 AM
    Hi Joe,


    Looks like the Exception class is not allowed in mapping rules. I did not find it in the whitelist on the infocenter. Instead I tried STSModuleException; the response did not include the custom message that I provided and was thrown as HTTP 500.

    Let me know if there is any other way to throw an exception that the client will receive as 400.

    ------------------------------
    Niranjan Govardhan
    ------------------------------



  • 4.  RE: Error message from mapping rule

    Posted Sat November 16, 2019 10:37 PM
    Hi Niranjan,

    Depending on the version of ISAM you are using, OAuthMappingExtUtils provides a way to throw a custom error message with a status code and error code.

    OAuthMappingExtUtils.throwSTSCustomUserPageException("Custom Error message",400,"invalid_request");


    ------------------------------
    Sumana Narasipur
    ------------------------------



  • 5.  RE: Error message from mapping rule

    Posted Mon November 18, 2019 11:14 AM
    Thank you for your response! We are on ISAM 9.0.6. I am not finding this method in the relevant documentation. May I know in which version this is supported?

    ------------------------------
    Niranjan Govardhan
    ------------------------------



  • 6.  RE: Error message from mapping rule

    Posted Mon November 18, 2019 09:57 AM
    Hi Niranjan,

    Looking at your snippet I would guess you need this functionality in the OAuth mapping rule?
    If that is the case you have available the following STS Exception:
         OAuthMappingExtUtils.throwSTSInvalidGrantMessageException('message', 'details')

    This method sends back the 400 status code with error = 'invalid grant', which is a standard OAuth error response.
    Example:
    {
        "error_description": "message",
        "details": "details",
        "error": "invalid_grant"
    }

    Unfortunately, I don't think that a method exists, for version 9.0.6 or 9.0.7, which allows you to freely specify the response you want. I would welcome such a method with open arms. :)

    Your last resort option could be to use HTTP transformation to set the status code you want on your responses. This is not really a desirable solution.

    Good luck!
    Dean




    ------------------------------
    Dean Ivosevic
    ------------------------------



  • 7.  RE: Error message from mapping rule

    Posted Mon November 18, 2019 11:16 AM
    Hi Dean,

    Thank you for your response!

    Yes, we are trying to achieve this in OAuth mapping rules. "invalid_grant" is not a valid error method in our case. I think a transformation rule seems to be the only option with version 9.0.6.

    Thanks,
    Niranjan.

    ------------------------------
    Niranjan Govardhan
    ------------------------------
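
The responses reported in this thread can be checked from the client side against the token error format in RFC 6749 section 5.2. The following is an added example, not code from any post or from IBM; it assumes the mapping rule's output is returned by the OAuth token endpoint, and the function name `checkTokenResponse` and the sample bodies are constructed for illustration.

```javascript
// Added example: checks a token-endpoint response against RFC 6749 section 5.2.
// Assumption: the mapping rule's output is returned by the OAuth token endpoint.
const TOKEN_ERRORS = new Set([
  "invalid_request", "invalid_client", "invalid_grant",
  "unauthorized_client", "unsupported_grant_type", "invalid_scope",
]);

// Returns a list of findings; an empty list means the response is consistent.
function checkTokenResponse(status, bodyText) {
  const findings = [];
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    return ["body is not JSON"];
  }
  if (body === null || typeof body !== "object") return ["body is not a JSON object"];
  const hasError = Object.prototype.hasOwnProperty.call(body, "error");
  if (status >= 200 && status < 300) {
    // Clients that branch on the status code will treat this as success.
    if (hasError) findings.push("error member returned with success status " + status);
    else if (typeof body.access_token !== "string") findings.push("success status without access_token");
    return findings;
  }
  if (!hasError) {
    findings.push("status " + status + " without an error member");
    return findings;
  }
  // Error codes are case-sensitive ASCII strings.
  if (!TOKEN_ERRORS.has(body.error)) {
    findings.push("error code '" + body.error + "' is not in RFC 6749 section 5.2");
  }
  // RFC 6749 5.2: 400 unless otherwise specified; invalid_client may use 401.
  const allowed = body.error === "invalid_client" ? [400, 401] : [400];
  if (!allowed.includes(status)) {
    findings.push("status " + status + " not expected for error '" + body.error + "'");
  }
  return findings;
}

// Constructed samples modelled on the responses reported in the thread.
const samples = [
  [200, '{"error_description":"201.2","error":"Unauthorized_client"}'],
  [401, '{"error_description":"Unauthorized_client","error":"access_denied"}'],
  [400, '{"error_description":"message","details":"details","error":"invalid_grant"}'],
];
for (const [status, text] of samples) {
  console.log(status, JSON.stringify(checkTokenResponse(status, text)));
}
```

Running the same check in an integration test after each mapping-rule or HTTP transformation change shows whether the status code and the `error` member still agree.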