After login at a service the service (SP) may be missing some information or requirements of the login, for example
- Too few attributes sent from the IdP
- Required attribute value is not sent from the IdP
- The service requires REFEDS MFA capability of the IdP but not supported by IdP (according to IdP Metadata)
- The IdP doesn't seem to support the forceAuthn SAML flag (either a SAML error from the errorURL or the AuthenticationInstant is not refreshed
There currently is no best-practice for how a service should inform users of non-technical shortcomings of logins. It would be convenient if IdP's could supply URL's to different support pages that services could referer to depending on pre-defined problems with logins. Many login problems are not detected until after login.
ACAMP at TechEx had a session regarding this. Notes and Post-ACAMP work are available at https://bit.ly/2rOYgl1
The following terms apply to all REFEDS Working Groups:
- When a working group is agreed, REFEDS Participants will be asked if they wish to participate. Working Groups tend to be small, so consensus can be achieved quickly between participants.
- A chair for the group is chosen from the REFEDS Participants.
- GÉANT provides facilities for the working group, including meeting support, wiki space, mailing lists and, where appropriate, funding.
- An appropriate output from the group is produced. Currently, this is typically a draft white paper or a wiki page.
- When the Working Group is in agreement, the chair shares the outputs with the wider REFEDS community with an open period for discussion and comment. This is typically a period of 4 weeks, but may be longer if appropriate.
- After this period of time, the REFEDS Steering Committee signs off on the work item. Work is either written up as a formal white paper, left on the wiki but promoted as finished work or occasionally submitted as an Internet Draft.
(a Slack channel is also available on the eduGAIN slack instance)
Fredrik Domeij (SWAMID)
- Best practice statement on SP error handling for non-technical issues at login
- Kick-off call - 13 February 2020
- Error Handling WG Notes - 20 February 2020
- Error Handling WG Notes - 27 February 2020
- Error Handling WG Notes - 5 March 2020
- Error Handling WG Notes - 12 March 2020
- Error Handling WG Notes - 19 March 2020
- Error Handling WG Notes - 26 March 2020
- Error Handling WG Notes - 2 April 2020
- Error Handling WG Notes - 9 April 2020
- Error Handling WG Notes - 21 May 2020
- Error Handling WG Notes - 28 May 2020
- Error Handling WG Notes - 4 June 2020
- Consultation Response call - 18 June 2020
- Initial proposal target date: mid-March 2020