Commit 81a7239c authored by Alvaro Iradier's avatar Alvaro Iradier
Browse files

Better error handling

* Raise an internal error if username claim is not found, instead of just logging a warning
* Don't remove userInfoKey for session on error when it is not required
* Rename "OIDC Username Claim" to just "Username claim"
Signed-off-by: default avatarAlvaro Iradier <>
parent 6f88ff74
......@@ -321,11 +321,11 @@ func userInfoFromClaims(c claimsProvider, g, u string) (*UserInfo, error) {
return nil, err
if username, ok := allClaims[u].(string); !ok {
log.Warningf("OIDC. Failed to recover Username from claim. Claim '%s' is empty", u)
} else {
res.Username = username
username, ok := allClaims[u].(string)
if !ok {
return nil, fmt.Errorf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", u)
res.Username = username
res.Groups, res.hasGroupClaim = GroupsFromClaims(c, g)
......@@ -212,7 +212,6 @@ func userOnboard(oc *OIDCController, info *oidc.UserInfo, username string, token
return nil, false
......@@ -260,6 +259,7 @@ func (oc *OIDCController) Onboard() {
func secretAndToken(tokenBytes []byte) (string, string, error) {
......@@ -914,7 +914,7 @@
"SCOPE": "OIDC Scope",
"OIDC_VERIFYCERT": "Verify Certificate",
"OIDC_AUTOONBOARD": "Automatic onboarding",
"USER_CLAIM": "OIDC Username Claim",
"USER_CLAIM": "Username Claim",
"OIDC_SETNAME": "Set OIDC Username",
"OIDC_SETNAMECONTENT": "You must create a Harbor username the first time when authenticating via a third party(OIDC).This will be used within Harbor to be associated with projects, roles, etc.",
"OIDC_USERNAME": "Username",
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment