cloudtrust/keycloak-authorization

Allow SAML protocol to answer with "Responder" instead of 403

AlistairDoswald opened this issue · 0 comments

Currently all protocols answer with 403 Forbidden when a user is not authorized to access a client. However, the SAML protocol is able to reply with "responder" when the user is not authorized to access the resource.

For this enhancement, we want to:

  • Add a method to io.cloudtrust.keycloak.protocol.LocalAuthorizationService to allow returning a "responder" message instead of a 403
  • Modify the Settings page for SAML authorization (or directly on the SAML client page) to allow choosing whether the client will respond with 403 or responder.
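
For reference, the kind of message the "responder" option would put on the wire, as an added example that is not code from this repository: a SAML 2.0 Response carrying only a failure status and no assertion, which a service provider must treat as a failed login. The class and method names, the sample URLs and the second-level `RequestDenied` code are assumptions; the issue names only "Responder".

```java
import java.io.StringWriter;
import java.time.Instant;
import java.util.UUID;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Added illustration; class and method names are hypothetical, not Keycloak or cloudtrust APIs.
public class ResponderStatusExample {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String STATUS = "urn:oasis:names:tc:SAML:2.0:status:";
    // Creates a namespaced child element and appends it to its parent.
    static Element child(Element parent, String ns, String qname) {
        Element e = parent.getOwnerDocument().createElementNS(ns, qname);
        parent.appendChild(e);
        return e;
    }
    // Builds an unsigned samlp:Response with a failure status and no assertion.
    static String deniedResponse(String issuer, String acsUrl, String requestId) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element resp = doc.createElementNS(SAMLP, "samlp:Response");
        doc.appendChild(resp);
        resp.setAttribute("ID", "_" + UUID.randomUUID());
        resp.setAttribute("Version", "2.0");
        resp.setAttribute("IssueInstant", Instant.now().toString());
        resp.setAttribute("Destination", acsUrl);
        resp.setAttribute("InResponseTo", requestId); // ties the denial to the AuthnRequest
        child(resp, SAML, "saml:Issuer").setTextContent(issuer);
        // Top-level status code: "Responder", the value this issue asks for.
        Element top = child(child(resp, SAMLP, "samlp:Status"), SAMLP, "samlp:StatusCode");
        top.setAttribute("Value", STATUS + "Responder");
        // Assumption: a second-level RequestDenied code; the issue does not name one.
        child(top, SAMLP, "samlp:StatusCode").setAttribute("Value", STATUS + "RequestDenied");
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        System.out.println(deniedResponse("https://idp.example.com/realms/demo",
                "https://sp.example.com/saml/acs", "_constructed-request-id"));
    }
}
```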