Alistair Young wrote:

> We can put our helpdesk email in the IdP's metadata
> but there's no way to customise the error page at an SP (or is there?)

In some circumstances, the error page will include an e-mail address
taken from the IdP's metadata: when that happens, it will use the first
"technical" or "support" address it finds in the metadata. The UK
federation convention is always to have one of each, and to list the
"support" address first so that it will appear in error messages when
that's a possibility. Of course, some errors result in the SP not
knowing which IdP is involved, and this won't help then.

Other than that, there's no way for you as an IdP to customise an SP's
error pages. These are built from templates that are delivered as part
of the SP install; the configuration file comments suggest that people
deploying SPs should customise these pages, but I suspect not very many do.

If SP error pages aren't helpful, all you can do is take it up with the
owners of the particular SP directly.

> Is it worth exploring an extension to the Shibboleth profile [...]

I don't want to be a wet blanket, but I'd guess that it would be very
unlikely for the Shibboleth team to want to introduce more
Shibboleth-only extensions into SAML at this stage.

-- Ian
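
The contact selection described in the message above, as an added Python example that is not part of the original post or of the Shibboleth code: it models picking the first "technical" or "support" address in document order and checks the UK federation convention. The sample metadata, entity ID and addresses are constructed, and reading `ContactPerson` elements anywhere under the entity is an assumption.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
WANTED = ("technical", "support")

def contacts(metadata_xml):
    """Return (contactType, email) pairs in document order."""
    found = []
    for person in ET.fromstring(metadata_xml).iter(MD + "ContactPerson"):
        email = person.findtext(MD + "EmailAddress", default="").strip()
        if email.lower().startswith("mailto:"):
            email = email[len("mailto:"):]
        if email:
            found.append((person.get("contactType"), email))
    return found

def error_page_address(metadata_xml):
    """First 'technical' or 'support' address found, as the message describes."""
    for ctype, email in contacts(metadata_xml):
        if ctype in WANTED:
            return email
    return None  # nothing usable: the error page has no address to show

def convention_problems(metadata_xml):
    """Check the convention: one of each type, 'support' listed first."""
    types = [t for t, _ in contacts(metadata_xml) if t in WANTED]
    problems = [f"no {t} contact" for t in ("support", "technical") if t not in types]
    if types and types[0] != "support":
        problems.append("first technical/support contact is not the support address")
    return problems

def build(entries):
    """Constructed, trimmed sample metadata (not schema-complete)."""
    people = "".join(
        f'<ContactPerson contactType="{t}">'
        f"<EmailAddress>mailto:{e}</EmailAddress></ContactPerson>"
        for t, e in entries)
    return ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            f'entityID="https://idp.example.ac.uk/shibboleth">{people}</EntityDescriptor>')

# Constructed addresses: same contacts, different order.
GOOD = build([("administrative", "admin@example.ac.uk"),
              ("support", "helpdesk@example.ac.uk"),
              ("technical", "sysadmin@example.ac.uk")])
SWAPPED = build([("technical", "sysadmin@example.ac.uk"),
                 ("support", "helpdesk@example.ac.uk")])

if __name__ == "__main__":
    for name, md in (("GOOD", GOOD), ("SWAPPED", SWAPPED)):
        print(name, error_page_address(md), convention_problems(md))
```

With the order swapped, the address an end user would see is the sysadmin's rather than the helpdesk's, which is the case the convention is meant to avoid.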