Federation Security Services Guide › Configure SiteMinder as a SAML 2.0 Identity Provider › HTTP Error Handling at the IdP

HTTP Error Handling at the IdP

Assertion-based single sign-on can fail at the Identity Provider for various reasons. If an HTTP error occurs, Federation Security Services provides functionality to redirect the user to different applications (URLs) for further processing. Redirection to a customized error page can take place only when the IdP has the necessary information about the Service Provider. If this information is not available when the error occurs, only the HTTP error code is returned to the browser without any redirection.

You can configure redirect URLs for HTTP handling, but they are not required.

To configure optional redirect URLs for error handling

1. From the SAML Service Provider Properties dialog, select the Advanced tab.

   The Advanced tab dialog displays.

2. Click Additional Configuration.

   The Additional URL Configuration dialog opens.

3. Specify a URL for one or more of the following settings:

   Note: Click Help for a description of fields, controls, and their respective requirements.

   • Enable Server Error URL
   • Enable Invalid Request URL
   • Enable Unauthorized Access URL
4. Select one of the following for the redirect mode:
   • 302 No Data
   • HTTP POST
5. Click OK.

Note: These redirect URLs can be used with the SiteMinder Assertion Consumer Plug-in for further assertion processing. If an assertion request fails, the plug-in can send the user to one of the redirect URLs you specify.