...
- Clock skew problems
- Malformed AuthnRequest URLs caused by broken redirection logic
...
Since there's nothing the IdP support staff can do to resolve the issue, it usually does no good to have the user report the error there, even though that's the natural thing to do when the IdP software reports a problem. As of 1.3.1, you can alter this behavior and report a different message to the client that may be more useful.
Configuration
To enable the feature, simply add an attribute to the <IdPConfig> element in the IdPXml file:
| Code Block |
|---|
<IdPConfig ... blameSP="true" ...>
|
When a malformed AuthnRequest is detected, a special error template called IdpErrorBlameSP.jsp is used to report the problem, allowing you to customize the message users will see.