I'm currently managing an IdP based on Microsoft ADFS 4.0. One of our Service Providers is using omniauth-saml for their side of the federation and we're experiencing several HTTP 500 errors in user authentication.
Most of the time, this is due to missing authorization group membership on the Active Directory side, which results in a RequestDenied assertion from the IdP to the SP:
`
`
Another common cause is the absence of an email attribute.
In such cases, the SP web servers return HTTP 500 and no information can be displayed to the user letting him/her and the support service know what's wrong.
Is there any way omniauth-saml could handle these errors and return a reasonable exception?
Thanks,
L
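The two failure cases described in the post above (a `RequestDenied` status and a missing email attribute) can be told apart on the SP side before an error page is rendered. The following is an added example, not code from omniauth-saml or from the poster; the method name, the user-facing messages, the sample responses and the email claim name are assumptions.

```ruby
require "rexml/document"

NS = { "p" => "urn:oasis:names:tc:SAML:2.0:protocol",
       "a" => "urn:oasis:names:tc:SAML:2.0:assertion" }.freeze
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
# Assumed attribute name; use the claim your IdP is configured to release.
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample responses (unsigned, trimmed to the relevant elements).
DENIED = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>
      </samlp:StatusCode>
    </samlp:Status>
  </samlp:Response>
XML
NO_EMAIL = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
    <saml:Assertion><saml:AttributeStatement/></saml:Assertion>
  </samlp:Response>
XML

# Classify a decoded SAML Response for diagnostics only. This does not check
# signatures or conditions, so never create a session based on its result.
# Returns [symbol, message shown to the user or nil].
def classify_saml_response(xml)
  doc = REXML::Document.new(xml)
  # Document order: top-level StatusCode first, nested sub-status after it.
  codes = REXML::XPath.match(doc, "//p:StatusCode", NS).map { |c| c.attributes["Value"].to_s }
  return [:malformed, "No SAML status found in the response."] if codes.empty?
  unless codes.first == "#{STATUS}Success"
    if codes.include?("#{STATUS}RequestDenied")
      return [:request_denied, "Your account is not authorized for this application."]
    end
    return [:idp_error, "The identity provider reported an error (#{codes.last.sub(STATUS, '')})."]
  end
  email = REXML::XPath.first(doc, "//a:Attribute[@Name='#{EMAIL_ATTR}']/a:AttributeValue", NS)
  if email.nil? || email.text.to_s.strip.empty?
    return [:missing_email, "Your account has no email address; contact support."]
  end
  [:ok, nil]
rescue REXML::ParseException
  [:malformed, "The sign-in response could not be read."]
end
```

In an SP this would run in the failure path, after the SAML library has rejected the response, so that the user sees a specific message instead of a generic HTTP 500.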