13daaa55ba
closes #27879 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
20 lines
1.1 KiB
Text
20 lines
1.1 KiB
Text
|
|
[[_saml-errors]]
|
|
=== {project_name} specific errors
|
|
|
|
{project_name} server can send an error to the client application in the SAML response, which may contain a SAML status such as:
|
|
|
|
[source,xml]
|
|
----
|
|
<samlp:Status>
|
|
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
|
|
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
|
|
</samlp:StatusCode>
|
|
<samlp:StatusMessage>authentication_expired</samlp:StatusMessage>
|
|
</samlp:Status>
|
|
----
|
|
|
|
{project_name} sends this error when a user is authenticated and has an SSO session, but the authentication session expired in the current browser tab and hence {project_name} server cannot automatically do SSO
|
|
re-authentication of the user and redirect back to client with successful response. When a client application receives this type of error, it is ideal to retry authentication immediately and send a new
|
|
SAML request to the {project_name} server, which should typically always authenticate the user due to the SSO session and redirect back. More details in
|
|
the link:{adminguide_link}#_authentication-sessions[{adminguide_name}].
|