italia / spid-shibboleth-proxy-docker

SPID authentication proxy based on Shibboleth service provider
European Union Public License 1.2

Add spid custom error message #7

Closed umbros closed 5 years ago

umbros commented 6 years ago

It is necessary to implement the management of SPID custom error codes:

ex:

ErrorCode nr25 as defined: https://www.agid.gov.it/sites/default/files/repository_files/regole_tecniche/spid_tabella_messaggi_di_anomalia_v1.0.pdf

psmiraglia commented 6 years ago

As in the documentation, Shibboleth SP already supports error management

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPErrors

In case of error, the SP "encodes" the error in a query string as in the following (not normative) example

```
http://example.org/error?now=Tue Jan 31 11:32:41 2012
    &requestURL=https://example.org/Shibboleth.sso/SAML2/POST
    &errorType=opensaml::FatalProfileException
    &errorText=SAML response contained an error.
    &RelayState=https://example.org/secure/getattrs
    &entityID=urn:mace:incommon:idp.protectnetwork.org
    &statusCode=urn:oasis:names:tc:SAML:2.0:status:Responder
    &statusCode2=urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
```

The GET destination endpoint can be configured in shibboleth.xml as follows

```xml
...
<Errors supportContact="help@example.org" redirectErrors="http://example.org/error" />
...
```

The end user is in charge of implementing his own error management page according to his needs. For instance

https://github.com/italia/spid-auth-docker/blob/65a7a257c4f487f538d238c3bdb333d22e5030d0/example/index.js#L83-L95
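
An added example, not part of the thread or of the project's code: a handler for the `redirectErrors` endpoint that maps a SPID `ErrorCode nrNN` to a fixed message and treats every query parameter as untrusted input. It assumes the IdP's status message arrives in a `statusMessage` parameter; the message wording, the host allowlist and all function names are hypothetical.

```javascript
// Added example. Assumption: the IdP's SAML StatusMessage ("ErrorCode nrNN")
// reaches the error endpoint in a `statusMessage` query parameter.
const SPID_MESSAGES = { 25: 'Authentication was cancelled.' }; // placeholder wording
const GENERIC = 'Authentication failed. Please try again.';
const ALLOWED_RETURN_HOSTS = new Set(['example.org']); // constructed allowlist

// Accept only the exact "ErrorCode nrNN" form; anything else is untrusted text.
function spidErrorCode(statusMessage) {
  const m = /^ErrorCode nr(\d{1,3})$/.exec(String(statusMessage || '').trim());
  return m ? Number(m[1]) : null;
}

// RelayState is caller-controlled: only link back to https URLs on known hosts.
function safeReturnUrl(relayState) {
  try {
    const u = new URL(relayState);
    return u.protocol === 'https:' && ALLOWED_RETURN_HOSTS.has(u.hostname) ? u.href : null;
  } catch {
    return null;
  }
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Map the redirect query to a fixed message; raw parameters are never echoed.
function handleErrorRedirect(rawUrl) {
  const q = new URL(rawUrl).searchParams;
  const code = spidErrorCode(q.get('statusMessage'));
  const message = (code !== null && SPID_MESSAGES[code]) || GENERIC;
  return { code, message, returnUrl: safeReturnUrl(q.get('RelayState')) };
}

function renderErrorPage({ message, returnUrl }) {
  const link = returnUrl ? `<a href="${escapeHtml(returnUrl)}">Back</a>` : '';
  return `<!doctype html><title>Login error</title><p>${escapeHtml(message)}</p>${link}`;
}

// Constructed sample of what the SP would send to redirectErrors.
const SAMPLE = 'http://example.org/error?errorType=opensaml::FatalProfileException' +
  '&statusCode2=urn:oasis:names:tc:SAML:2.0:status:AuthnFailed' +
  '&statusMessage=ErrorCode%20nr25&RelayState=https%3A%2F%2Fexample.org%2Fsecure%2Fgetattrs';
console.log(renderErrorPage(handleErrorRedirect(SAMPLE)));
```

Because the endpoint is reachable by anyone with a crafted link, the page only ever shows text from the server-side table and only links to allowlisted hosts.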