Needs elegant exit message when user declines to share personal info from google

[alexstuart]

Flow is: user goes to SP, chooses Google gateway, redirected to Google, user declines to share information. User is redirected back to google gateway IdP, which sends a SAML error status & message to SP. SP just posts the error messages verbatim. Issue is: this needs a more elegant exit message.

Error returned from identity provider:

Status: urn:oasis:names:tc:SAML:2.0:status:Responder
Message: SimpleSAML_Error_UserAborted: USERABORTED

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPErrors

Can either:

1. modify /etc/shibboleth/sessionError.html
2. Set redirectErrors to a branded page in the portal, have it process the query string appropriately.

[andreasmatheus]

I think we have argued so far that security pages are "branded per organization". A kind of alike to COBWEB but have individual screens for things like errors and logout. I don't like to force a redirect to a "central" error page....
So perhaps we need to apply re-branding to error pages on each SP?

[alexstuart]

Sorry, saying "the portal" was a shorthand for "the SP where there error has been reported". Option 1 would always be local to the SP; option 2 could be configured so.

I'll work something up on the EDINA COBWEB SP & report back.