...
| The URL associated with the request. |
| The general type of error. |
| The actual error message. |
| Name of identity provider, if known. |
| Current date and time. |
| SAML status code causing error, sent by identity provider. |
| SAML sub-status code causing error, sent by identity provider. |
| SAML status message, sent by identity provider. |
| Original URL the user was attempting to access or value of target parameter passed to SessionInitiator. |
| A support contact name for the IdP provided by that site's metadata. |
| A contact email address for the IdP contact provided by that site's metadata. |
| The URL of an error handling page for the IdP provided by that site's metadata. |
eventType | A constant identifying the type of activity connected with the error (e.g. Login, Logout) |
...
| Name | Type | Default | Description |
|---|---|---|---|
| Basolure or relative URL | Controls the type of error handling used (see above). If set, the URL is used as the destination for a redirection of the browser with a query string containing information about the error. | |
session | local pathname | sessionError.html | Path to a template to use for general processing errors. |
metadata | local pathname | metadataError.html | Path to a template to use for metadata-related errors. |
access | local pathname | Path to a template to use for authorization failures. When omitted, a generic 403 status will be returned when possible, which can be customized by the web server in the normal manner. | |
ssl | local pathname | sslError.html | Path to a template to use for blocking non-SSL requests that cannot be redirected, if the |
localLogout | local pathname | localLogout.html | Path to a template to use when completing a local logout operation and no other "return" location is known. |
partialLogout | local pathname | partialLogout.html | Path to a template to use when a non-local logout attempt finishes with an incomplete or erroneous status. Note that most IdPs will never display this to the user so relying on it for anything now is generally a waste of time. |
globalLogout | local pathname | globalLogout.html | Path to a template to use when completing a global logout operation and no other "return" location is known. Global logout implies identity provider involvement using a single logout protocol. Note that most IdPs will never display this to the user so relying on it for anything now is generally a waste of time. |
externalParameters 3.2.1 | Boolean | false | Flag introduced to block the processing of query string parameters for replacement/override of template replacement values. Enabling this is not advised but restores this ability. |
Extension Attributes
Any attribute not listed above will be loaded and used as a parameter during template generation.