From 1b78c55c27faaa8606d2e6da07851377b31d4600 Mon Sep 17 00:00:00 2001
From: nofaralfasi <nalfassi@redhat.com>
Date: Thu, 2 Nov 2023 18:01:00 -0500
Subject: [PATCH] Fixes #36889 - Add error message to indicate failed
 authentication

---
 app/controllers/api/base_controller.rb | 2 +-
 app/services/sso/jwt.rb                | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 667670fbdb5..9ea9a39d28e 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -199,7 +199,7 @@ def authorize
 
       unless authenticate
         count_login_failure
-        render_error('unauthorized', :status => :unauthorized, :locals => { :user_login => @available_sso.try(:user) })
+        render_error('unauthorized', status: :unauthorized, locals: { user_login: @available_sso.try(:user), message: _(@available_sso.failed_authentication_message)})
         return false
       end
 
diff --git a/app/services/sso/jwt.rb b/app/services/sso/jwt.rb
index f85f6deb337..71d447a8994 100644
--- a/app/services/sso/jwt.rb
+++ b/app/services/sso/jwt.rb
@@ -1,6 +1,7 @@
 module SSO
   class Jwt < Base
     attr_reader :current_user
+    attr_reader :failed_authentication_message
 
     def available?
       controller.api_request? && bearer_token_set? && no_issuer?
@@ -19,10 +20,12 @@ def authenticate!
       @current_user = user
       user&.login
     rescue JWT::ExpiredSignature
-      Rails.logger.warn "JWT SSO: Expired JWT token."
+      @failed_authentication_message = "JWT SSO: Expired JWT token."
+      Rails.logger.warn @failed_authentication_message
       nil
     rescue JWT::DecodeError
-      Rails.logger.warn "JWT SSO: Failed to decode JWT."
+      @failed_authentication_message = "JWT SSO: Failed to decode JWT."
+      Rails.logger.warn @failed_authentication_message
       nil
     end