keycloak-scim/docs/guides/securing-apps/partials/saml/saml-errors.adoc


[[_saml-errors]]
== {project_name} specific errors

{project_name} server can send an error to the client application in the SAML response, which may contain a SAML status such as:

[source,xml]
----
<samlp:Status>
  <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
  </samlp:StatusCode>
  <samlp:StatusMessage>authentication_expired</samlp:StatusMessage>
</samlp:Status>
----

{project_name} sends this error when a user is authenticated and has an SSO session, but the authentication session expired in the current browser tab and hence {project_name} server cannot automatically do SSO
re-authentication of the user and redirect back to client with successful response. When a client application receives this type of error, it is ideal to retry authentication immediately and send a new
SAML request to the {project_name} server, which should typically always authenticate the user due to the SSO session and redirect back.
The SAML adapter performs that retry automatically if the commented status is returned by the server.
More details in the link:{adminguide_link}#_authentication-sessions[{adminguide_name}].
Documentation for changes related to 'You are already logged in' scen… (#28595) closes #27879 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> 2024-04-11 06:18:41 +00:00
			`[[_saml-errors]]`
Convert chapter planning for securing applications and services to guides Final removal of the securing_apps documentation Final checks for links, order and other minor things Closes #31328 Signed-off-by: rmartinc <rmartinc@redhat.com> 2024-07-31 08:20:50 +00:00			`== {project_name} specific errors`
Documentation for changes related to 'You are already logged in' scen… (#28595) closes #27879 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> 2024-04-11 06:18:41 +00:00
			`{project_name} server can send an error to the client application in the SAML response, which may contain a SAML status such as:`

			`[source,xml]`
			`----`
			`<samlp:Status>`
			`<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">`
			`<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>`
			`</samlp:StatusCode>`
			`<samlp:StatusMessage>authentication_expired</samlp:StatusMessage>`
			`</samlp:Status>`
			`----`

			`{project_name} sends this error when a user is authenticated and has an SSO session, but the authentication session expired in the current browser tab and hence {project_name} server cannot automatically do SSO`
			`re-authentication of the user and redirect back to client with successful response. When a client application receives this type of error, it is ideal to retry authentication immediately and send a new`
Convert chapter planning for securing applications and services to guides Final removal of the securing_apps documentation Final checks for links, order and other minor things Closes #31328 Signed-off-by: rmartinc <rmartinc@redhat.com> 2024-07-31 08:20:50 +00:00			`SAML request to the {project_name} server, which should typically always authenticate the user due to the SSO session and redirect back.`
			`The SAML adapter performs that retry automatically if the commented status is returned by the server.`
			`More details in the link:{adminguide_link}#_authentication-sessions[{adminguide_name}].`