If a Service Provider cannot authenticate a user during a single sign-on transaction, that user can be redirected to a customized URL for further processing.
You can configure several optional redirect URLs for failed authentication. The redirect URLs allow finer control over where a user is redirected if the assertion is not valid. For example, if a user cannot be located in a user store, you can fill in a User Not Found redirect URL and send the user to a registration page.
You can configure the following:
Note: Configuring redirect URLs is not required.
The Status Redirect URLs on the Advanced tab are redirect URLs for specific status conditions. These conditions include a user is not found, the single sign-on message is invalid, or the user credentials are not accepted. If any of the conditions occur, redirect URLs can send the user to an application or a customized error page for further action.
The Additional URL Configuration dialog is where you configure redirect URLs to handle HTTP 500, 400, 405, and 403 error conditions. If any of these errors occur, redirect URLs can send the user to an application or a customized error page for further action.
Redirection to these customized URLs can take place only when enough information about the Identity Provider is provided to the Service Provider. For example, if during a request there is an issue in retrieving certificate information from smkeydatabase, the user is redirected to Server Error URL specified. However, if a request contains an invalid IdP ID, no redirection happens and the HTTP error code 400 is returned to the browser.
To configure optional redirect URLs for failed authentication
The SAML 2.0 Auth. Scheme Properties dialog opens.
Note: Click Help for a description of fields, controls, and their respective requirements.
Federation Web Services handles the errors by mapping the authentication reason into one of the configured redirect URLs, then the user can be redirected to that URL to report the error.
Note: These redirect URLs can be used with the SiteMinder Message Consumer Plug-in for further assertion processing. If authentication fails, the plug-in can send the user to one of the redirect URLs you specify.
Copyright © 2012 CA.
All rights reserved.
|
|