RH SSO brokered identity provider response and error handling
When a 3rd party IDP sends a error=access_denied and error_description=Access Denied response. This just retriggers authentication again which then fails repeated in a loop.
1) Is this the right behavior? Is this a bug because it seems wrong to not return an error to the user in this case? Is there a justification for this behavior?
2) Is this behavior specified anywhere? i.e. is there a spec that covers brokering of identity providers?
- Red Hat Single SignOn
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.