InCommon has launched a new centralized Federated Error Handling Service for use by all Service Providers (SPs) in the federation. The goal is to provide a better experience for users in the event that they are unable to access a federated service, which will help prevent them from becoming confused or frustrated.

In many situations, the identity provider (IdP) does not provide the SP with sufficient information (attributes) to make an access control decision. Just telling a user that “the necessary attributes are not being released” usually does not help. We need to give users information and tools that will help them solve their problems.

Using this new service, SPs can automatically generate simple but effective error pages for the end user. These dynamic error pages rely on the Error Handling URL in IdP metadata, which provides a pointer to a comprehensive IdP support page for users who experience difficulties during federated login.

In order for this service to work effectively, IdP operators need to add the Error Handling URL in their metadata.

SP operators use the Federated Error Handling Service to automatically build and display a custom error page. The service takes advantage of MDUI elements in metadata to customize an SP-branded page displaying the SP’s logo and text specific to the SP and IdP in question. Visit the wiki for examples and instructions on how to incorporate the Error Handling Service into your SP deployment.
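As an added illustration (not InCommon's code), the following Python sketch audits SAML metadata for the two inputs described above: the Error Handling URL, assumed here to be the `errorURL` attribute on `md:IDPSSODescriptor`, and the MDUI display name and logo. The entity IDs and URLs are constructed samples, and accepting only `https` error URLs is this example's own policy, not a stated InCommon rule.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

# Constructed sample metadata (not real federation data). In production,
# verify the federation's signature on the aggregate before parsing it.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:IDPSSODescriptor errorURL="https://help.example.edu/federated-login"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
        <mdui:Logo height="60" width="120">https://idp.example.edu/logo.png</mdui:Logo>
      </mdui:UIInfo></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.net/idp">
    <md:IDPSSODescriptor errorURL="http://help.example.net/login"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def audit_idps(metadata_xml):
    """Map each IdP entityID to its error URL, usability flag and MDUI data."""
    root = ET.fromstring(metadata_xml)
    report = {}
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # entity has no IdP role, nothing to audit
        error_url = (idp.get("errorURL") or "").strip()
        parsed = urlparse(error_url)
        ui = "md:Extensions/mdui:UIInfo/"
        report[entity.get("entityID")] = {
            "error_url": error_url or None,
            # Example policy: the link is shown to users, so require https + host.
            "usable": parsed.scheme == "https" and bool(parsed.netloc),
            "display_name": idp.findtext(ui + "mdui:DisplayName", None, NS),
            "logo": idp.findtext(ui + "mdui:Logo", None, NS),
        }
    return report

if __name__ == "__main__":
    for entity_id, row in audit_idps(SAMPLE).items():
        print(entity_id, row)
```

IdPs reported with `usable` set to false are the ones for which an SP cannot point the user to an IdP support page.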

We continue to look for ways to improve and expand on the tools available for use by site administrators. Please let us know if you have suggestions or questions (admin at incommon dot org).
