  1. Identity
  2. ID-8393

Build more mature error handling logic for enforced SSO (SAML)


      Problem Statement: 

      A user is unable to log in because of an invalid SAML response, and the customer wants Atlassian to display the error generated by the IdP.

      Atlassian services expect a SAML payload to contain a SAML Subject, with the user's email address in the SAML NameID, and optionally SAML attributes carrying the Givenname, Surname, and a unique ID in Name/UPN/ObjectID; we don't consider any other SAML assertions.

      Since their IdP isn't giving us a valid SAML payload, we should present an "invalid SAML response" message.

      Suggestion:

      We should pass SAML assertions/responses into an error page to help customers troubleshoot login issues.

      We can extend that to showing SAML errors on the page itself, instead of only passing the error through the page URL as we currently do.
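An added illustration of the checks described above, not Atlassian's code: it inspects a SAML response for the IdP's status message, the email NameID and the optional attributes, and escapes IdP-supplied text before it is shown on an error page. The function names, the attribute short names and the sample response are assumptions made for this example, and signature validation is out of scope here.

```python
import html
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
UNIQUE_ID = {"name", "upn", "objectid"}  # assumed short names; any one is enough
# Constructed sample: the IdP reports a failure and sends no assertion.
SAMPLE_FAILED = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>'
    '<samlp:StatusMessage>&lt;b&gt;User not assigned&lt;/b&gt;</samlp:StatusMessage>'
    '</samlp:Status></samlp:Response>')


def diagnose(xml_text):
    """Return (errors, notes). Shape checks only: no signature validation."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declarations are not accepted"], []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ["response is not well-formed XML"], []
    errors, notes = [], []
    code = root.find("p:Status/p:StatusCode", NS)
    if code is not None and not code.get("Value", "").endswith(":Success"):
        msg = root.findtext("p:Status/p:StatusMessage", "", NS).strip()
        errors.append(f"IdP status {code.get('Value')}: {msg or 'no message'}")
    name_id = root.findtext("a:Assertion/a:Subject/a:NameID", None, NS)
    if name_id is None:
        errors.append("no Subject/NameID in the assertion")
    elif not EMAIL_RE.match(name_id.strip()):
        errors.append("NameID is not an email address")
    # Optional attributes: compare on the last segment of the Name URI.
    seen = {re.split(r"[/:]", el.get("Name", ""))[-1].lower()
            for el in root.iterfind("a:Assertion/a:AttributeStatement/a:Attribute", NS)}
    for want in ("givenname", "surname"):
        if want not in seen:
            notes.append(f"optional attribute {want} not sent")
    if not seen & UNIQUE_ID:
        notes.append("no unique ID attribute (name/upn/objectid) sent")
    return errors, notes


def render_error_html(errors):
    """IdP-controlled text is escaped before it reaches the error page."""
    items = "".join(f"<li>{html.escape(e)}</li>" for e in errors)
    return f"<h1>Invalid SAML response</h1><ul>{items}</ul>"
```

Errors block the login; notes only record which optional attributes the IdP did not send.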

              Unassigned
              Prakhar Srivastava
              Votes: 2
              Watchers: 4
