I am in complete agreement, but the application developer had asked me to return the status codes so he could respond/track them in some way. I wanted to cover my bases to ensure I wasn't overlooking something before I said it can't be done. I have customized our Shibboleth error pages and I think that will be enough.
Thanks.
________________________________
From: Dave Perry <Dave.Perry-NOSDTyrR4+***@public.gmane.org>
To: Shib Users <users-***@public.gmane.org>
Sent: Tuesday, September 23, 2014 11:51 AM
Subject: RE: Accessing authentication response status code
I could well be missing something here, but isn't the point of Shibboleth protecting a webapp that the SP only gets involved in dishing up pages if it gets an "OK you are a valid user" session from the IdP? Excluding any verification of attributes etc by the SP itself?
I know there's an SP error page, which you could possibly customise, but I'm not sure how dynamic it is or what it can trap.
The SP might log these errors for you, but for your app to be loosely work enough to get them I don't know.
Dave
_________________________________________________
Dave Perry
eLearning Technologist, Hull College Group
Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930
* Need a fast reply? Try elearning-NOSDTyrR4+***@public.gmane.org *
From: users-***@shibboleth.net [mailto:users-bounces-***@public.gmane.org] On Behalf Of Rob Commarota
Sent: 23 September 2014 16:45
To: users-***@public.gmane.org
Subject: Accessing authentication response status code
Is there any way to access the authentication response status code outside of the error handling capabilities of Shibboleth? The documentation is very clear on how to use statusCode, StatusCode2, and statusMessage in the error templates, but we'd like to do something a little different if it is possible.
Our IdP is returning status codes such as:
urn:securekey:names:tc:SAML:2.0:status:UserCancelled
urn:securekey:names:tc:SAML:2.0:status:SystemUnavailable
urn:securekey:names:tc:SAML:2.0:status:AuthnFailed
We'd like to be able to interpret these in the application to provide some direction for the end user. I thought I might be able to treat the status codes as attributes, but they really aren't attributes, so I am not sure that makes sense.