After a login, the service (SP) may find that some information or requirements for the login are missing, for example:
- Too few attributes sent from the IdP
- Required attribute value is not sent from the IdP
- The service requires REFEDS MFA capability of the IdP, but the IdP does not support it (according to IdP metadata)
- The IdP doesn't seem to support the forceAuthn SAML flag (either a SAML error from the errorURL or the AuthenticationInstant is not refreshed)
There is currently no best practice for how a service should inform users of non-technical shortcomings of logins. It would be convenient if IdPs could supply URLs to different support pages that services could refer to depending on pre-defined problems with logins. Many login problems are not detected until after login.
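The post-login checks listed above can be sketched as follows. This is an added example, not code from REFEDS or the working group. It assumes the SP's SAML library has already validated the assertion's signature and conditions, it inspects the returned authentication context rather than IdP metadata, and the function and category names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REFEDS_MFA = "https://refeds.org/profile/mfa"
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"

# Constructed sample (not a real IdP response): one attribute, password-only
# context, and an AuthnInstant that predates the SP's forceAuthn request.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AuthnStatement AuthnInstant="2020-02-13T08:00:00Z"><saml:AuthnContext>
  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
 </saml:AuthnContext></saml:AuthnStatement>
 <saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
  <saml:AttributeValue>user@example.org</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def parse_instant(value):
    # SAML timestamps are UTC with a trailing "Z"; normalise for fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify_login_problems(assertion_xml, required_attrs, require_mfa=False,
                            force_authn_sent_at=None, skew=timedelta(minutes=5)):
    """Return (category, detail) pairs; category names are hypothetical."""
    root = ET.fromstring(assertion_xml)
    problems = []
    # An attribute counts as present only if it carries a non-empty value.
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)
               if any((v.text or "").strip()
                      for v in a.iterfind("saml:AttributeValue", NS))}
    for name in sorted(set(required_attrs) - present):
        problems.append(("MISSING_ATTRIBUTE", name))
    stmt = root.find(".//saml:AuthnStatement", NS)
    if stmt is None:
        return problems + [("NO_AUTHN_STATEMENT", "")]
    ctx = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef", "", NS).strip()
    if require_mfa and ctx != REFEDS_MFA:
        problems.append(("MFA_NOT_PERFORMED", ctx))
    # forceAuthn: a fresh login must not be older than the request (minus skew).
    instant = stmt.get("AuthnInstant", "")
    if force_authn_sent_at and (
            not instant or parse_instant(instant) < force_authn_sent_at - skew):
        problems.append(("AUTHN_NOT_REFRESHED", instant))
    return problems
```

Each returned category is the kind of pre-defined problem for which an SP could point the user to a matching IdP support page.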
ACAMP at TechEx had a session regarding this. Notes and Post-ACAMP work are available at https://bit.ly/2rOYgl1
The following terms apply to all REFEDS Working Groups:
- When a working group is agreed, REFEDS Participants will be asked if they wish to participate. Working Groups tend to be small, so consensus can be achieved quickly between participants.
- A chair for the group is chosen from the REFEDS Participants.
- GÉANT provides facilities for the working group, including meeting support, wiki space, mailing lists and, where appropriate, funding.
- An appropriate output from the group is produced. Currently, this is typically a draft white paper or a wiki page.
- When the Working Group is in agreement, the chair shares the outputs with the wider REFEDS community with an open period for discussion and comment. This is typically a period of 4 weeks, but may be longer if appropriate.
- After this period of time, the REFEDS Steering Committee signs off on the work item. Work is either written up as a formal white paper, left on the wiki but promoted as finished work or occasionally submitted as an Internet Draft.
Fredrik Domeij (SWAMID)
- Best practice statement on SP error handling for non-technical issues at login
- Kick-off call - 13 February 2020
- Error Handling WG Agenda - 20 February 2020
- Error Handling WG Agenda - 27 February 2020
- Error Handling WG Agenda - 5 March 2020
- Error Handling WG Agenda - 12 March 2020
- Error Handling WG Agenda - 19 March 2020
- Initial proposal target date: mid-March 2020