For most of the common problems encountered in the RealMe® services, the web application handles the alternative process flow – for example, forgotten password or password expiry. For exceptions that cannot be handled by a process within the RealMe service, the user is redirected back to the agency with a SAML v2.0 status code. Use of the Messaging Test Site (MTS) is required to generate the SAML exception codes.
An agency's online service must interpret the SAML exception codes and display an appropriately worded message to the user.
Agencies can choose the method of presenting RealMe-related messages and the wording style. The exception must be labelled with 'RealMe', but 'alert' or 'message' may be more appropriate than 'error', as the user may not have done anything incorrect. The message must not be a dead end: the user should be able to navigate to an appropriate online service web page and be given an opportunity to attempt to log in again.
The RealMe implementation team will expect to see a demonstration of the online service's handling of SAML exceptions, or at least screenshots from the pre-production environment.
Developers may use the content of StatusMessage, but program flow should branch on StatusCode rather than StatusMessage, because the content of StatusMessage may change.
urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal
urn:oasis:names:tc:SAML:2.0:status:RequestDenied
urn:oasis:names:tc:SAML:2.0:status:Requester
urn:oasis:names:tc:SAML:2.0:status:Responder
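An added example (not RealMe's own code) of branching on StatusCode rather than StatusMessage: it walks the nested StatusCode chain of a SAML 2.0 Response (the top-level Requester/Responder class with the more specific code nested inside it) and maps it to a message key for the agency's own wording. The message keys, the helper names and the sample response are assumptions, and the code assumes the response's signature has already been verified before its status is trusted.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Assumed message keys; the agency chooses the actual wording, labelled
# 'RealMe' and offering a way back to the service and a fresh login attempt.
SPECIFIC_KEYS = {
    STATUS_PREFIX + "AuthnFailed": "realme.authn_failed",
    STATUS_PREFIX + "UnknownPrincipal": "realme.unknown_principal",
    STATUS_PREFIX + "RequestDenied": "realme.request_denied",
}
TOP_LEVEL_KEYS = {
    STATUS_PREFIX + "Requester": "realme.requester_problem",
    STATUS_PREFIX + "Responder": "realme.responder_problem",
}

def status_codes(response_xml):
    """Return the StatusCode values of a SAML Response, outermost first."""
    root = ET.fromstring(response_xml)
    status = root.find("{%s}Status" % SAMLP_NS)
    if status is None:
        raise ValueError("SAML Response has no Status element")
    codes = []
    node = status.find("{%s}StatusCode" % SAMLP_NS)
    while node is not None:            # StatusCode elements nest in SAML 2.0
        codes.append(node.get("Value", ""))
        node = node.find("{%s}StatusCode" % SAMLP_NS)
    return codes

def classify(response_xml):
    """Map the status chain to a message key; StatusMessage is ignored."""
    codes = status_codes(response_xml)
    if codes and codes[0] == STATUS_PREFIX + "Success":
        return "success"
    for code in reversed(codes):       # most specific (innermost) code first
        if code in SPECIFIC_KEYS:
            return SPECIFIC_KEYS[code]
    for code in codes:                 # fall back to the top-level class
        if code in TOP_LEVEL_KEYS:
            return TOP_LEVEL_KEYS[code]
    return "realme.unexpected_status"  # unknown code: still not a dead end

# Constructed sample (signature and assertions omitted), not a real response.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_sample" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
    </samlp:StatusCode>
    <samlp:StatusMessage>free text that may change; do not branch on it</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>"""
```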