swedenconnect / technical-framework

Technical Specifications for the Swedish eID Framework

Add new DSS error code for failed user authentication #184

Open martin-lindstrom opened 2 years ago

martin-lindstrom commented 2 years ago

The extensions to the DSS error codes list a number of suitable error codes for the DSS extension functionality, but it seems that an error code for "user authentication failed" is lacking.

magnussuther commented 1 year ago

Also, there doesn't seem to be a suitable DSS ResultMinor code corresponding to http://id.elegnamnden.se/status/1.0/possibleFraud, hence the fact that the identity provider detected a possible fraud is lost in translation between the SAMLResponse and the SignResponse.

http://id.elegnamnden.se/sig-status/1.0/user-cancel currently seems like the best fit, but that assumes that the identity provider presented a Cancel button for the user to click on, rather than just returning the user immediately, which may not always be the case.

A URI of http://id.elegnamnden.se/sig-status/1.0/possible-fraud or similar would therefore be useful.