Discovery Page Login Errors

bliszewski

Greetings,

Since we support different authentication mechanisms for Canvas, we use a Discovery URL pointing to a page on our university's site to help people navigate to the appropriate place to login. Linking to the different login URLs is simple enough, but one of the things that was missed in our initial implementation was login error handling. So now we're trying to add at least some indication if there was a problem and context to provide our support folks.

We know that on a login error, Canvas will redirect back to the discovery page with a `message` URL parameter containing a message the error.

We can even find some of these possible messages from the Canvas login controllers, e.g. https://github.com/instructure/canvas-lms/blob/master/app/controllers/login/saml_controller.rb

However, our developers are, rightly, concerned about just writing any URL parameter message to the official LMS login page for fear that it could be abused to post official looking messages or direct people to malicious URLs.

While they are considering their own solutions, I just wanted to ask how others are handling the login errors that return to Discovery URL, to ensure it is an actual message returned from Canvas?

mzimmerman

Hi @bliszewski 

As far as I know, any login errors would be displayed the same way whether you are using a discovery page or if the user is directly using the login URL for that particular authentication provider.  

If I set up a discovery page/service, and select an auth provider from the discovery page, and I don't have a working login/password for that auth provider, it is the auth provider that displays the error about the incorrect login/password.  If I can successfully log in through the auth provider, but there's no matching login name in Canvas, I get an error message from Canvas telling me there is no account for that login name, and a link try again, which directs me back to the discovery page--with no other messages displayed.