fusionauth-issues
FusionAuth should fail gracefully when OpenID Connect IdP endpoint fails
Description
When users try to log in to an application using an OpenID Connect IdP and the IdP is failing, the error messages shown do not indicate an IdP failure.
Upon login, users are seeing:
Failed to complete a login for Identity Provider <redacted>.
The following errors occurred:
{
"fieldErrors" : { },
"generalErrors" : [ {
"code" : "[Exception]",
"message" : "FusionAuth encountered an unexpected error. Please review the troubleshooting guide found in the documentation for assistance and the available support channels."
} ]
}
Event logs with metadata redacted:
Unable to resolve OpenID Connect configuration using issuer [https://............/OIDC] for [
Request to the [https://........./.well-known/openid-configuration] endpoint failed.
Status code [-1]
Exception encountered.
java.net.SocketException : Message: Connection reset
If an IdP is having issues or is not returning certain metadata, a message stating that there was an issue connecting to the identity provider, such as the one in the event logs above, should be displayed to the user instead of a generic exception. The name of the identity provider should continue to be redacted.
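As an added illustration of the behaviour requested above (this is example code, not FusionAuth's implementation), the discovery step can be written so that a transport failure, a non-200 status and an incomplete discovery document each map to a specific, user-safe message, while the detailed cause goes to the event log with the issuer URL redacted. The `fetch` callable, the `DiscoveryResult` shape, the message wording and the `fetch_*` fake responders are all assumptions constructed for this example; only the log line format mirrors the event log quoted above.

```python
"""Fetch an OIDC discovery document and classify failures without leaking the IdP name.

Added example, not FusionAuth code. The fetch callable and fake responders are constructed.
"""
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Discovery keys a code-flow login cannot proceed without.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Hypothetical fetcher: returns (status_code, body); raises OSError on transport failure.
Fetcher = Callable[[str], Tuple[int, bytes]]

USER_UNREACHABLE = ("There was a problem connecting to your identity provider. "
                    "Please try again later or contact your administrator.")
USER_INCOMPLETE = ("Your identity provider returned an incomplete configuration. "
                   "Please contact your administrator.")


@dataclass
class DiscoveryResult:
    ok: bool
    config: Optional[dict]   # parsed discovery document on success
    user_message: str        # safe to show to the end user; never names the IdP
    log_message: str         # detail for the event log; issuer URL redacted


def discovery_url(issuer: str) -> str:
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def redact(issuer: str, text: str) -> str:
    """Replace the issuer URL wherever it appears in log text."""
    return text.replace(issuer.rstrip("/"), "<redacted>")


def default_fetch(url: str, timeout: float = 5.0) -> Tuple[int, bytes]:
    """Real HTTP fetch with a bounded timeout so a hung IdP cannot hang the login."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:  # non-2xx is still a response, not a transport failure
        return e.code, e.read()


def resolve_oidc_configuration(issuer: str, fetch: Fetcher = default_fetch) -> DiscoveryResult:
    url = discovery_url(issuer)
    try:
        status, body = fetch(url)
    except OSError as exc:  # connection reset, DNS failure, timeout (URLError is an OSError)
        log = (f"Request to the [{url}] endpoint failed. Status code [-1]. "
               f"Exception encountered. {type(exc).__name__}: {exc}")
        return DiscoveryResult(False, None, USER_UNREACHABLE, redact(issuer, log))
    if status != 200:
        log = f"Request to the [{url}] endpoint failed. Status code [{status}]"
        return DiscoveryResult(False, None, USER_UNREACHABLE, redact(issuer, log))
    try:
        config = json.loads(body)
    except ValueError as exc:
        log = f"Response from [{url}] is not valid JSON: {exc}"
        return DiscoveryResult(False, None, USER_INCOMPLETE, redact(issuer, log))
    missing = [k for k in REQUIRED_KEYS if not config.get(k)]
    if missing:
        log = f"Discovery document at [{url}] is missing {missing}"
        return DiscoveryResult(False, None, USER_INCOMPLETE, redact(issuer, log))
    # OIDC Discovery requires the advertised issuer to match the one we asked for.
    if str(config["issuer"]).rstrip("/") != issuer.rstrip("/"):
        log = f"Issuer in discovery document at [{url}] does not match configured issuer"
        return DiscoveryResult(False, None, USER_INCOMPLETE, redact(issuer, log))
    return DiscoveryResult(True, config, "", redact(issuer, f"Resolved OIDC configuration from [{url}]"))


# Constructed fake responders standing in for an IdP in various states.
ISSUER = "https://idp.example/OIDC"
GOOD_DOC = {"issuer": ISSUER, "authorization_endpoint": ISSUER + "/authorize",
            "token_endpoint": ISSUER + "/token", "jwks_uri": ISSUER + "/jwks"}


def fetch_connection_reset(url: str) -> Tuple[int, bytes]:
    raise ConnectionResetError("Connection reset")


def fetch_server_error(url: str) -> Tuple[int, bytes]:
    return 503, b"service unavailable"


def fetch_missing_jwks(url: str) -> Tuple[int, bytes]:
    return 200, json.dumps({k: v for k, v in GOOD_DOC.items() if k != "jwks_uri"}).encode()


def fetch_good(url: str) -> Tuple[int, bytes]:
    return 200, json.dumps(GOOD_DOC).encode()


if __name__ == "__main__":
    for f in (fetch_connection_reset, fetch_server_error, fetch_missing_jwks, fetch_good):
        r = resolve_oidc_configuration(ISSUER, f)
        print(f"{f.__name__}: ok={r.ok}\n  user: {r.user_message}\n  log:  {r.log_message}")
```

The user-facing strings are fixed constants, so nothing from the IdP response or the exception text can reach the browser, while the event log keeps the status code and exception class that an administrator needs, with the issuer URL removed before it is written.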
Related:
- https://github.com/FusionAuth/fusionauth-issues/issues/1197