Error Handling

2239 views August 15, 2017 November 1, 2019 3

All situations except for a successful authentication is handled through an error response. As per the SAML specification, this response has a major code, a minor code, and a status message.

Major Code

urn:oasis:names:tc:SAML:2.0:status:Success No error. The call was a success.
urn:oasis:names:tc:SAML:2.0:status:Responder The part responsible for the error is the Signicat SAML2 Gateway.
urn:oasis:names:tc:SAML:2.0:status:Requester The part responsible for the error is the client.

Minor Code

urn:oasis:names:tc:SAML:2.0:status:AuthnFailed The responding provider was unable to successfully authenticate the principal.
urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext The specified authentication context requirements cannot be met by the responder.
urn:oasis:names:tc:SAML:2.0:status:NoPassive Indicates that the responding provider cannot authenticate the principal passively, as has been requested.
urn:oasis:names:tc:SAML:2.0:status:RequestDenied The SAML responder or SAML authority is able to process the request but has chosen not to respond. This status code MAY be used when there is concern about the security context of the request message or the sequence of request messages received from a particular requester.
urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal The responding provider does not recognize the principal specified or implied by the request.

Status Message

The status message consitst of two parts, an internal Signicat error code and a description. The format is as follows:

<error code>; <description>

Status codes and messages originating from the Signicat SAML2 Gateway

urn:signicat:error:saml2.0:systemerror A system error occurred on the server
urn:signicat:error:saml2.0:nonexistententity The service provider entity with given entityId is not registered
urn:signicat:error:saml2.0:authncontextempty Found no authentication methods that complies with the requested authentication contexts
urn:signicat:error:saml2.0:authncontextmismatch Method did not match requested AuthnContext
urn:signicat:error:saml2.0:validationfailure Failed while validating SAML1 response from portal
urn:signicat:error:saml2.0:session:nocurrent No current session
urn:signicat:error:saml2.0:session:subjectmismatch Subject in current session did not match requested subject
urn:signicat:error:saml2.0:session:credentialsfailed The session credentials check failed
urn:signicat:error:saml2.0:session:nonexistent The session did not exist
urn:signicat:error:saml2.0:session:nameidmismatch Session subject and requested NameID does not match

Status codes and messages originating from the Signicat Portal

urn:signicat:error Unspecified error
urn:signicat:error:internal Internal system error
urn:signicat:error:out-of-sequence The request was unexpected at this time
urn:signicat:error:usercancel The process was aborted by the end user
urn:signicat:error:userreject The process was rejected by the end user
urn:signicat:error:userpostpone The process was postponed by the end user
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"></saml2p:StatusCode>
    <saml2p:StatusMessage>urn:signicat:error:usercancel; The process was aborted by the end user</saml2p:StatusMessage>

Was this helpful?