Sun OpenSSO Enterprise 8.0 Update 1 Release Notes

Chapter 6 Centralizing SAML Error Display in OpenSSO Enterprise 8.0 Update 1

A centralized error processing URL is now supported to display all error conditions caught during SAML versions 1.x and 2 protocol processing. (This URL does not handle external application errors, but only those thrown by OpenSSO when using the SAMLv1.x and SAMLv2 protocols.) By default, the error processing URL points to saml2error.jsp, a JavaServer Page (JSP) that ships with OpenSSO. saml2error.jsp can be found in the /saml2/jsp directory inside the exploded opensso.war.

How Does it Work?

The error processing URL provides the path to which a user agent is redirected or forwarded when a SAML processing error occurs. The Error Processing URL attribute is configured using the OpenSSO console. Out-of-the-box, saml2error.jsp is hosted within the OpenSSO WAR. It (or any customized page) can also be hosted with the external customer application.

Which Parameters are Sent?

Three query parameters that define the error condition are sent to the error processing URL.

Configuring the Error Processing URL Attribute

To Configure the Error Processing URL Attribute

  1. Log in to the OpenSSO console as administrator; by default, amadmin.

  2. Click the Configuration tab.

  3. Click the Global tab.

  4. Click the Common Federation Configuration link.

  5. Enter the appropriate URL as the value for the SAML Error Page URL attribute.

  6. Enter the appropriate binding as the value for the SAML Error Page HTTP Binding attribute.

    The default binding is HTTP-POST. You may change this to HTTP-REDIRECT.

  7. Click Save.

  8. Log out of the console.

SAML Error Messages

SAMLv2 Error Codes

SAMLv1.x Error Codes