Federation Manager Guide › Federation Partnerships › Application Integration › Failed Authentication Handling Using Redirect URLs (Relying Party)

Failed Authentication Handling Using Redirect URLs (Relying Party)

Assertion-based authentication can fail at the site that consumes assertions. If authentication does fail, you can configure Federation Manager to redirect the user to different applications (URLs) for further processing. For example, when user disambiguation fails, Federation Manager can be configured to send the user to a provisioning system, which could create a user account based on the information found in the SAML assertion.

Setting up redirect URLs is optional and is only configurable at the relying party.

To configure the redirect URLs

1. Begin at the Application Integration step of the Partnership wizard.
2. In the Status Redirect URL section of the dialog, configure only those settings for the failure conditions for which you want to redirect users. The settings in the Status Redirect URLs group box are:
   • User Not Found
   • Invalid SSO Message
   • Unaccepted User Credential (SSO message)

   Note: You can click Help for a description of fields, controls, and their respective requirements.

3. For each redirect option you configure, specify the method by which Federation Manager redirects the user. The options are:
   • 302 No Data (default)

     Redirects the user with an HTTP 302 redirect and no data.

   • HTTP Post

     Redirects the user with the HTTP Post protocol.

Configuration of the redirect URLs is complete.