Posted: 4 May 2020 14:37 EDT Last activity: 22 Jul 2020 10:12 EDT
Configuring error message for SAML2.0 based SSO
We have configured a SAML 2.0 based Authentication Service for Single Sign-On. ADFS is used as the IdP. The SSO authentication is working properly. However, we are unable to display a custom error message if authorization fails. I am looking for your help and suggestions on the following items.
1. During SSO authentication we are checking whether the ID is part of a particular AD group. If they aren't part of the AD group, then login will be denied. We are able to achieve this part, but on screen we aren't able to display a custom message. We are always getting the default error message. Can you please let me know if we can show a custom message in this scenario?
2. If login fails, we want to redirect to a different page. Is it possible to redirect to a different web page during SSO authentication?
We are on 8.3.2 and the OOTB SAML 2.0 based SSO is used. Automatic operator provisioning is enabled using a data transform.
We are trying to write some code on the post-authentication activity. We are getting the policy filed issue. What we are trying here: the positive scenario is working fine. When the ADFS team is not sending any AD group attributes, we need to stop the screen and put up an error message. This part we are not able to achieve, and we are not able to redirect the screen either. We are doing all this from the data transform. In the negative scenario we are seeing this error message: "Unable to process the SAML WebSSO request : Unable to derive operator from SAML assertion"
Please let me know if you need any more details.
Posted: 1 year ago
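The authorization decision described in the question (AD group membership carried as an attribute in the ADFS assertion), written out as an added example rather than the poster's Pega data transform: it separates the "IdP sent no group attribute at all" case from the "user is not in the required group" case so each can get its own message instead of the generic "Unable to derive operator" error. The claim name, the required group, and the minimal assertions are assumptions constructed for the example; signature validation is assumed to have already happened in the SSO service.

```python
"""Post-authentication group check over a SAML 2.0 assertion (added example).

Assumes the IdP emits AD groups as the claim below; the group name and the
sample assertions are constructed for this example.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # assumed ADFS claim name
REQUIRED_GROUP = "APP_USERS"                             # constructed group name


def group_values(assertion_xml):
    """Return every value of the group attribute; empty if the IdP sent none."""
    # The assertion's XML signature is assumed to have been verified upstream;
    # this function only reads attributes from an already-trusted assertion.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == GROUP_ATTR:
            for v in attr.findall("saml:AttributeValue", NS):
                values.append((v.text or "").strip())
    return values


def authorize(assertion_xml):
    """Return (allowed, message); the message names the actual failure cause."""
    groups = group_values(assertion_xml)
    if not groups:
        # Negative scenario from the thread: the IdP omitted the attribute.
        return False, "Login denied: the identity provider sent no group information."
    if REQUIRED_GROUP not in groups:
        # Attribute present, but the account is not in the required group.
        return False, "Login denied: your account is not a member of " + REQUIRED_GROUP + "."
    return True, "Access granted."


def make_assertion(groups):
    """Build a constructed minimal assertion; an empty list omits the attribute."""
    vals = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % g for g in groups)
    attr = '<saml:Attribute Name="%s">%s</saml:Attribute>' % (GROUP_ATTR, vals) if groups else ""
    return ('<saml:Assertion xmlns:saml="%s">' % NS["saml"]
            + "<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>"
            + "<saml:AttributeStatement>%s</saml:AttributeStatement>" % attr
            + "</saml:Assertion>")


if __name__ == "__main__":
    for groups in (["APP_USERS", "DOMAIN_USERS"], ["DOMAIN_USERS"], []):
        print(groups, authorize(make_assertion(groups)))
```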
Posted: 13 May 2020 10:25 EDT
Santhosh Bagannagari (bagas)
Tech Lead, Security Engineering
Hi Santhosh, this morning I worked with the Pega team and modified the below rule. Now it's working fine. We will check another option for how we need to redirect to the other login screen. I will keep the post updated. Thank you.