Use USER_DISABLED error for authz authenticator

META-INF/keycloak-scripts.json

@@ -1,19 +1,9 @@
 {
   "authenticators": [
     {
-      "name": "User Enabled Authenticator",
-      "fileName": "user-enabled-authenticator.js",
-      "description": "Allow only enabled users"
-    },
-    {
-      "name": "CSM Authenticator",
-      "fileName": "csm-authenticator.js",
-      "description": "CSM EmployeeStatus Authenticator"
-    },
-    {
-      "name": "Authorization Authenticator",
+      "name": "OSC Authz Authenticator",
       "fileName": "authz-authenticator.js",
-      "description": "Authorization Authenticator"
+      "description": "OSC Authz Authenticator"
     }
   ],
   "policies": [],

authz-authenticator.js

@@ -17,15 +17,15 @@ function authenticate(context) {
     var allowed = /(REQAPPROVAL|ACTIVE|WEBONLY|RESTRICTED)/;
     var employeeStatus = user.getFirstAttribute("employeeStatus");
     if (employeeStatus && !allowed.test(employeeStatus)) {
-      context.failure(AuthenticationFlowError.INVALID_USER);
+      context.failure(AuthenticationFlowError.USER_DISABLED);
       return;
     }
   } else {
     /*
       All other clients will authorize if the user account is not disabled or locked
     */
     if (user.getFirstAttribute("nsAccountLock") == "TRUE" || user.getFirstAttribute("loginDisabled") == "TRUE") {
-      context.failure(AuthenticationFlowError.INVALID_USER);
+      context.failure(AuthenticationFlowError.USER_DISABLED);
       return;
     }
   }