Accessing authentication response status code

Dave Perry Dave.Perry at hull-college.ac.uk
Tue Sep 23 11:51:19 EDT 2014 

I could well be missing something here, but isn't the point of Shibboleth protecting a webapp that the SP only gets involved in dishing up pages if it gets an 'OK you are a valid user' session from the IdP? Excluding any verification of attributes etc by the SP itself?

I know there's an SP error page, which you could possibly customise, but I'm not sure how dynamic it is or what it can trap.

The SP might log these errors for you, but for your app to be loosely work enough to get them I don't know.


Dave
_________________________________________________
Dave Perry
eLearning Technologist, Hull College Group

Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930

* Need a fast reply? Try elearning at hull-college.ac.uk<mailto:elearning at hull-college.ac.uk> *

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Rob Commarota
Sent: 23 September 2014 16:45
To: users at shibboleth.net
Subject: Accessing authentication response status code

Is there any way to access the authentication response status code outside of the error handling capabilities of Shibboleth? The documentation is very clear on how to use statusCode, StatusCode2, and statusMessage in the error templates, but we'd like to something a little different if it is possible.

Our IdP is returning status code such as:

urn:securekey:names:tc:SAML:2.0:status:UserCancelled
urn:securekey:names:tc:SAML:2.0:status:SystemUnavailable
urn:securekey:names:tc:SAML:2.0:status:AuthnFailed

We'd like to be able to interpret these in the application to provide some direction for the end user. I thought I might be able to treat the status codes as attributes, but they really aren't attributes, so I am not sure that makes sense.


**********************************************************************
This message is sent in confidence for the addressee
only. It may  contain confidential or sensitive
information.  The contents are not to be disclosed
to anyone other than the addressee.  Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission.  Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College.  Nothing in this
message should be construed as creating a contract.

Hull College owns the email infrastructure, including the contents.

Hull College is committed to sustainability, please reflect before printing this email.
**********************************************************************

TEXT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140923/a60720ea/attachment.html

More information about the users mailing list