4.2 How to inform users of missing required attributes when accessing a service

Identity Providers don't release attributes to Service Providers without good reason. Sweden is a member of the European Union, and within the union there are strict rules on storing, transferring and processing personal data. Every attribute in an attribute release is to be considered personal data, and Identity Providers are therefore careful about what they release.

The best way for a Service Provider to obtain the attributes it needs is to ask its registering federation, i.e. SWAMID, to add entity categories to its metadata. For more information about entity categories, see 4.1 Entity Categories for Service Providers.

If some Identity Providers still don't release all the attributes the Service Provider requires, you should tell the user which required attributes are missing from their Identity Provider's release. This gives the user a meaningful reason why they can't access your service, and it gives you a possible sponsor for obtaining the required attribute release from the Identity Provider. The information on the required-attributes page is vital for the user in their communication with their service desk. The page should at least list which attributes are missing (the attribute names, not the values of anything that was released, since those are personal data), link to the Service Provider's informational page and link to the Service Provider's privacy policy. There is a common way to refer users to their own organisation's help pages: the errorURL published in their Identity Provider's metadata. See Service Provider error handling during federated login for more information on the errorURL.
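The check and the page described above, as an added example (not code from SWAMID or from any Service Provider product): the released attribute set, the required attribute list, the IdP metadata fragment, the entityID and all URLs are constructed for the example, and the attribute friendly names are assumed. The errorURL is read from the errorURL attribute on the IDPSSODescriptor element of the IdP's SAML 2.0 metadata, which is where an Identity Provider publishes it.

```python
"""Added example: after a federated login, work out which required attributes
the Identity Provider did not release and assemble the 'missing attributes'
page: the missing attribute names, a link to the SP informational page, a link
to the SP privacy policy and, when the IdP publishes one, its errorURL."""
import html
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List, Optional

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed IdP metadata fragment (hypothetical entityID and URLs). In SAML 2.0
# metadata the errorURL attribute sits on the IDPSSODescriptor element. Read it
# from the signature-verified federation metadata the SP already consumes.
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.edu/idp">
  <IDPSSODescriptor errorURL="https://idp.example.edu/help/login-problems"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

# Constructed attribute release: what the SP's SAML library handed to the
# application after one login. Friendly names are assumed; mail arrived empty.
SAMPLE_RELEASED: Dict[str, List[str]] = {
    "eduPersonPrincipalName": ["alice@example.edu"],
    "displayName": ["Alice Example"],
    "mail": [],
}

# Attributes this hypothetical service cannot work without.
REQUIRED = ["eduPersonPrincipalName", "mail", "eduPersonScopedAffiliation"]


def idp_error_url(metadata_xml: str) -> Optional[str]:
    """Return the IdP's errorURL from its IDPSSODescriptor, or None if absent."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    return None if idp is None else idp.get("errorURL")


def missing_attributes(required: Iterable[str],
                       released: Dict[str, List[str]]) -> List[str]:
    """Required attributes that were not released, or released with no value,
    in the order the SP lists them (stable output for the help page)."""
    return [name for name in required if not released.get(name)]


def missing_attribute_page(required: Iterable[str], released: Dict[str, List[str]],
                           metadata_xml: str, sp_info_url: str,
                           sp_privacy_url: str) -> Optional[str]:
    """Return HTML for the page the user sees when attributes are missing,
    or None when every required attribute is present (login may proceed).
    Only attribute names are shown; released values are personal data."""
    missing = missing_attributes(required, released)
    if not missing:
        return None
    help_url = idp_error_url(metadata_xml)
    items = "".join(f"<li><code>{html.escape(n)}</code></li>" for n in missing)
    if help_url:
        help_line = ("<p>Contact your organisation's service desk: "
                     f'<a href="{html.escape(help_url)}">{html.escape(help_url)}</a></p>')
    else:
        help_line = "<p>Contact your organisation's service desk for help.</p>"
    return (
        "<h1>Your identity provider did not release all required attributes</h1>"
        f"<p>The following required attributes are missing:</p><ul>{items}</ul>"
        f"{help_line}"
        f'<p><a href="{html.escape(sp_info_url)}">About this service</a> | '
        f'<a href="{html.escape(sp_privacy_url)}">Privacy policy</a></p>'
    )


if __name__ == "__main__":
    page = missing_attribute_page(REQUIRED, SAMPLE_RELEASED, SAMPLE_IDP_METADATA,
                                  "https://sp.example.org/about",
                                  "https://sp.example.org/privacy")
    print(page or "all required attributes present")
```

Treat an attribute that arrives with an empty value the same as one that was never released; the user's service desk needs to hear about both. Every value written into the page is HTML-escaped, including the errorURL, because it comes from a third party's metadata rather than from your own configuration.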
