fix(saml2): Improve error message on attribute mapping (#16347)

Author: evanpurkhiser

src/sentry/auth/helper.py

@@ -4,6 +4,7 @@
 
 from uuid import uuid4
 
+import six
 from django.conf import settings
 from django.contrib import messages
 from django.core.urlresolvers import reverse
@@ -637,8 +638,8 @@ def finish_pipeline(self):
 
         try:
             identity = self.provider.build_identity(data)
-        except IdentityNotValid:
-            return self.error(ERR_INVALID_IDENTITY)
+        except IdentityNotValid as error:
+            return self.error(six.text_type(error) or ERR_INVALID_IDENTITY)
 
         if self.state.flow == self.FLOW_LOGIN:
             # create identity and authenticate the user

src/sentry/auth/providers/saml2/provider.py

@@ -299,7 +299,12 @@ def build_identity(self, state):
 
         # Email and identifier MUST be correctly mapped
         if not attributes[Attributes.IDENTIFIER] or not attributes[Attributes.USER_EMAIL]:
-            raise IdentityNotValid
+            raise IdentityNotValid(
+                _(
+                    "Failed to map SAML attributes. Assertion returned the following attribute keys: %(keys)s"
+                )
+                % {"keys": raw_attributes.keys()}
+            )
 
         name = (attributes[k] for k in (Attributes.FIRST_NAME, Attributes.LAST_NAME))
         name = " ".join(filter(None, name))

src/sentry/static/sentry/app/views/app.jsx

@@ -114,6 +114,7 @@ class App extends React.Component {
       AlertActions.addAlert({
         message: msg.message,
         type: msg.level,
+        neverExpire: true,
       });
     });