Concur Application: adding custom elements to shib IdP SAML response
Peter Schober
peter.schober at univie.ac.at
Thu May 4 15:51:15 EDT 2017
* Reid Watson <reid.watson at auckland.ac.nz> [2017-05-04 21:10]:
> In 2014 a post was created stating “ adding custom elements to shib IdP SAML response"
>
> http://shibboleth.net/pipermail/users/2014-December/018467.html
>
> Basic Overview "Adding an URL to the SAML response so the vendor can
> redirect to an error page for unauthorised users”
The SAML 2.0 Metadata spec allows populating a "errorURL" XML
attribute in role descriptors. So you could add that to your IDP's
Metadata and have the SP read it from there (assuming the SP can
consume SAML Metadata; otherwise just give them the URL to use out of
band).
Other than that: If you want to send a URL to the SP, why not send it
in an attribute statement and have the SP grab it from there?
The SP will need to dig through the SAML anyway to grab it from
/somewhere/ so it might as well be an attribute, no?
-peter
More information about the users
mailing list