Handle errors when smartcard user not found on LDAP server

Andrew Evansrequested to merge
511948-smartcard-ldap-login-error-fix into master

What does this MR do and why?

Handle errors when smartcard user not found on LDAP server

Currently if you try to log in using a smart card for an LDAP server, but the certificate doesn't return anything from the LDAP server, an error is raised. With this change, the user will be redirected to the sign-in page with the message "failed to log in," the same as if the user entered an incorrect name or password for LDAP sign-in.

References

Screenshots or screen recordings

Before After
Screenshot_2025-03-28_at_9.18.32_PM Screenshot_2025-03-28_at_9.17.58_PM

How to set up and validate locally

  1. Ensure Smart Card authentication is set up on your GDK
  2. Allow LDAP authentication with smart cards in your GDK - note the current docs are incorrect, the key to use in gitlab.yml under ldap is smartcard_auth: not smartcard: - MR to update the docs is here
  3. Log in using a generated certificate that does not match any existing users on the LDAP server (using GDK OpenLDAP, any certificate created using mkcert should satisfy this condition)

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #511948 (closed)

Merge request reports