Accessing authentication response status code

Rob Commarota robcom99 at
Tue Sep 23 12:07:10 EDT 2014

I am in complete agreement, but the application developer had asked me to return the status codes so he could respond/track them in some way. I wanted to cover my bases to ensure I wasn't overlooking something before I said it can't be done. I have customized our Shibboleth error pages and I think that will be enough. 


 From: Dave Perry <Dave.Perry at>
To: Shib Users <users at> 
Sent: Tuesday, September 23, 2014 11:51 AM
Subject: RE: Accessing authentication response status code

I could well be missing something here, but isn’t the point of Shibboleth protecting a webapp that the SP only gets involved in dishing up pages if it gets an ‘OK you are a valid user’ session from the IdP? Excluding any verification of attributes etc by the SP itself?
I know there’s an SP error page, which you could possibly customise, but I’m not sure how dynamic it is or what it can trap.
The SP might log these errors for you, but for your app to be loosely work enough to get them I don’t know.
Dave Perry
eLearning Technologist, Hull College Group

Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930
* Need a fast reply? Try elearning at *
From:users-bounces at [mailto:users-bounces at] On Behalf Of Rob Commarota
Sent: 23 September 2014 16:45
To: users at
Subject: Accessing authentication response status code
Is there any way to access the authentication response status code outside of the error handling capabilities of Shibboleth? The documentation is very clear on how to use statusCode, StatusCode2, and statusMessage in the error templates, but we'd like to something a little different if it is possible.
Our IdP is returning status code such as:

We'd like to be able to interpret these in the application to provide some direction for the end user. I thought I might be able to treat the status codes as attributes, but they really aren't attributes, so I am not sure that makes sense.


This message is sent in confidence for the addressee only.  It may contain confidential or sensitive information.  The contents are not to be disclosed to anyone other than the addressee.  Unauthorised recipients are requested to preserve this confidentiality and to advise us of any errors in transmission.  Any views expressed in this message are solely the views of the individual and do not represent the views of the College.  Nothing in this message should be construed as creating a contract.

Hull College owns the email infrastructure, including the contents.

Hull College is committed to sustainability, please reflect before printing this email.


To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list