Overview
After a login, the service (SP) may find that the login lacks information or does not meet its requirements, for example:
- Too few attributes sent from the IdP
- Required attribute value is not sent from the IdP
- The service requires REFEDS MFA capability of the IdP, but the IdP does not support it (according to IdP metadata)
- The IdP doesn't seem to support the forceAuthn SAML flag (either a SAML error from the errorURL, or the AuthenticationInstant is not refreshed)
There is currently no best practice for how a service should inform users of non-technical shortcomings of logins. It would be convenient if IdPs could supply URLs to different support pages that services could refer to, depending on pre-defined problems with logins. Many login problems are not detected until after login.
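A sketch of how an SP could detect the four shortcomings listed above once it has validated the SAML response. This is an added example, not code from the working group or its specification. The `Login` and `Policy` models, the problem codes and the three-minute clock-skew allowance are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

REFEDS_MFA = "https://refeds.org/profile/mfa"  # REFEDS MFA authentication context

@dataclass
class Login:
    """What the SP holds after validating the response (hypothetical model)."""
    attributes: dict                # attribute name -> list of values released
    authn_context: str              # AuthnContextClassRef in the assertion
    authn_instant: datetime         # AuthnInstant of the AuthnStatement
    request_sent: datetime          # when the SP issued its AuthnRequest
    force_authn: bool = False       # SP asked for ForceAuthn="true"
    idp_declares_mfa: bool = False  # MFA support as read from IdP metadata

@dataclass
class Policy:
    """The SP's own requirements (hypothetical model)."""
    required: dict = field(default_factory=dict)  # name -> accepted values, empty set = any
    require_mfa: bool = False
    clock_skew: timedelta = timedelta(minutes=3)  # assumed tolerance

def login_shortcomings(login, policy):
    """Return (code, detail) pairs; the codes are illustrative, not standardised."""
    problems = []
    for name, accepted in policy.required.items():
        values = [v for v in login.attributes.get(name, []) if v]
        if not values:
            problems.append(("MISSING_ATTRIBUTE", name))
        elif accepted and not accepted.intersection(values):
            problems.append(("MISSING_ATTRIBUTE_VALUE", name))
    if policy.require_mfa and login.authn_context != REFEDS_MFA:
        code = "MFA_NOT_PERFORMED" if login.idp_declares_mfa else "MFA_NOT_SUPPORTED_BY_IDP"
        problems.append((code, REFEDS_MFA))
    # ForceAuthn honoured means the user authenticated after the request was sent.
    if login.force_authn and login.authn_instant < login.request_sent - policy.clock_skew:
        problems.append(("FORCE_AUTHN_NOT_HONOURED", login.authn_instant.isoformat()))
    return problems

# Constructed sample: one login that shows all four cases from the list.
T0 = datetime(2020, 3, 12, 9, 0, tzinfo=timezone.utc)
SAMPLE = Login(
    attributes={"eduPersonScopedAffiliation": ["student@example.org"]},
    authn_context="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    authn_instant=T0 - timedelta(hours=6), request_sent=T0, force_authn=True)
POLICY = Policy(required={"mail": set(),
                          "eduPersonScopedAffiliation": {"staff@example.org"}},
                require_mfa=True)
```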
ACAMP at TechEx had a session regarding this. Notes and Post-ACAMP work are available at https://bit.ly/2rOYgl1
Terms
The following terms apply to all REFEDS Working Groups:
- When a working group is agreed, REFEDS Participants will be asked if they wish to participate. Working Groups tend to be small, so consensus can be achieved quickly between participants.
- A chair for the group is chosen from the REFEDS Participants.
- GÉANT provides facilities for the working group, including meeting support, wiki space, mailing lists and, where appropriate, funding.
- An appropriate output from the group is produced. Currently, this is typically a draft white paper or a wiki page.
- When the Working Group is in agreement, the chair shares the outputs with the wider REFEDS community with an open period for discussion and comment. This is typically a period of 4 weeks, but may be longer if appropriate.
- After this period of time, the REFEDS Steering Committee signs off on the work item. Work is either written up as a formal white paper, left on the wiki but promoted as finished work, or occasionally submitted as an Internet Draft.
Mailing List
https://lists.refeds.org/sympa/info/error-handling
(A Slack channel is also available on the eduGAIN Slack instance.)
Chair
Fredrik Domeij (SWAMID)
Deliverables
- Best practice statement on SP error handling for non-technical issues at login
- Working Document
- Consultation
- Final Specification (DOI: 10.5281/zenodo.3941965)
Meeting Notes
- Kick-off call - 13 February 2020
- Error Handling WG Notes - 20 February 2020
- Error Handling WG Notes - 27 February 2020
- Error Handling WG Notes - 5 March 2020
- Error Handling WG Notes - 12 March 2020
- Error Handling WG Notes - 19 March 2020
- Error Handling WG Notes - 26 March 2020
- Error Handling WG Notes - 2 April 2020
- Error Handling WG Notes - 9 April 2020
- Error Handling WG Notes - 21 May 2020
- Error Handling WG Notes - 28 May 2020
- Error Handling WG Notes - 4 June 2020
- Consultation Response call - 18 June 2020
Timeline
- Initial proposal target date: mid-March 2020