auth_saml: report user creation errors (#50834)

debian/control

@@ -39,7 +39,8 @@ Depends: ${misc:Depends}, ${python3:Depends},
     python3-chardet,
     python3-attr (>=17),
     python3-pycryptodome,
-    python3-atomicwrites
+    python3-atomicwrites,
+    python3-django-mellon>=1.22
 Conflicts: python-authentic2
 Replaces: python-authentic2
 Description: Versatile identity server

setup.py

@@ -131,7 +131,7 @@ setup(name="authentic2",
           'python-ldap',
           'django-filter>1,<2.3',
           'pycryptodomex',
-          'django-mellon',
+          'django-mellon>=1.22',
           'ldaptools',
           'jwcrypto>=0.3.1,<1',
           'cryptography',

src/authentic2_auth_saml/adapters.py

@@ -19,8 +19,10 @@ from __future__ import unicode_literals
 import logging
 
 from django.utils import six
+from django.contrib import messages
 from django.core.exceptions import MultipleObjectsReturned
 from django.db.transaction import atomic
+from django.utils.translation import ugettext as _
 
 from mellon.adapters import DefaultAdapter, UserCreationError
 from mellon.utils import get_setting
@@ -74,8 +76,10 @@ class AuthenticAdapter(DefaultAdapter):
         try:
             self.provision_a2_attributes(user, idp, saml_attributes)
         except MappingError as e:
-            logger.warning('auth_saml: failure during attribute provisionning %s', e)
-            raise UserCreationError('user creation failed on a mandatory mapping action: %s' % e)
+            logger.warning('auth_saml: user creation failed on a mandatory mapping action, %s', e)
+            if self.request:
+                messages.error(self.request, _('user creation failed on a mandatory mapping action: %s') % e)
+            raise UserCreationError
         if not user.ou:
             user.ou = get_default_ou()
             user.save()