Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


If some Identity Providers still don't release enough required attributes to the Service Provider you should inform the users what required attributes are missing in the release from their Identity Providers. This gives the user meaningful reason why the user can't access your service. It also gives you a possible sponsor to get the required attribute release from the Identity Provider. The information you give on the required attributes page is vital for the user in their communication with their service desk. The page should at least contain what attributes are missing, a link to the Service Provider informational page and a link to the Service Provider privacy policy. There is a common way to referer users to their own organisation help pages, the errorURL of their Identity Provider. The best way to create a page for missing required attributes is to do this within the webservice but sometimes this is not possibly. In that case, you should use the capabilities of your SAML Service Provider software. For example in Shibboleth Service Provider you can use Shibboleth SP attribute checkerSee Service Provider error handling during federated login for more information on the errorURL.