theforeman · stejskalleos · Nov 8, 2023 · Nov 2, 2023
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
@@ -199,7 +199,8 @@ def authorize
 
       unless authenticate
         count_login_failure
-        render_error('unauthorized', :status => :unauthorized, :locals => { :user_login => @available_sso.try(:user) })
+        message = @available_sso.try(:failed_auth_message)
+        render_error('unauthorized', status: :unauthorized, locals: { user_login: @available_sso.try(:user), message: message ? _(message) : ''})
         return false
       end
 

diff --git a/app/services/sso/jwt.rb b/app/services/sso/jwt.rb
@@ -1,6 +1,7 @@
 module SSO
   class Jwt < Base
     attr_reader :current_user
+    attr_reader :failed_auth_message
 
     def available?
       controller.api_request? && bearer_token_set? && no_issuer?
@@ -19,10 +20,12 @@ def authenticate!
       @current_user = user
       user&.login
     rescue JWT::ExpiredSignature
-      Rails.logger.warn "JWT SSO: Expired JWT token."
+      @failed_auth_message = N_("JWT SSO: Expired JWT token.")
+      Rails.logger.warn @failed_auth_message
       nil
     rescue JWT::DecodeError
-      Rails.logger.warn "JWT SSO: Failed to decode JWT."
+      @failed_auth_message = N_("JWT SSO: Failed to decode JWT.")
+      Rails.logger.warn @failed_auth_message
       nil
     end