Redirect Users After Failed SAML 1.x Authentication Attempts

For single sign-on processing, you can configure several optional redirect URLs that are used if authentication at the consumer fails. The redirect URLs allow finer control over where a user is redirected if the assertion is not valid. For example, if a user cannot be located in a user store, you can fill in a User Not Found redirect URL and send the user to a registration page.

Note: These URLs are not required.

If you do not configure redirect URLs, standard SiteMinder processing takes place. How a failed authentication is handled depends on the configuration of the authentication scheme.

To configure optional redirect URLs

  1. From the Authentication Scheme Properties dialog, click Additional Configuration.

    The SAML 1.x Auth Scheme Properties dialog opens.

  2. Fill in a URL for one or more of the following fields:

    If you enter a value for the Redirect URL, you must also choose a mode.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

    Federation Web Services handles the errors by mapping the authentication reason to one of the configured redirect URLs. The user can then be redirected to that URL to report the error.

Note: These redirect URLs can be used in conjunction with the SiteMinder Message Consumer Plug-in for further assertion processing. If authentication fails, the plug-in can send the user to one of the redirect URLs you specify.