PingFederate Server

Overriding error handling in an IdP connection

You can override how incoming errors are handled before they’re relayed to the requesting application or partner.

About this task

When you enable the optional Passthrough Errors setting, PingFederate includes the error message from the identity provider (IdP) in three main places:

  • User-Facing Errors: Rendered in PingFederate’s error templates.

  • Error Redirects: Sent as the errorDetail query parameter when redirecting to InErrorResource.

  • Protocol Responses: Used in downstream protocol responses, specifically:

    • Security Assertion Markup Language (SAML): The <StatusMessage> element.

    • OpenID Connect (OIDC): The error_description parameter.

    • WS-Federation: The <Fault> element.
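
With Passthrough Errors enabled, the errorDetail value that reaches InErrorResource is text that originated at the partner IdP, so the receiving application can bound and encode it before logging or displaying it. The following is an added example, not part of the PingFederate documentation or product code; the URL, the length cap and the function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

MAX_DETAIL_LEN = 256  # assumed cap; tune to your UI and log pipeline

# C0/C1 control characters, including the CR/LF that would split a log record
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def extract_error_detail(url: str) -> str:
    """Return the decoded errorDetail query parameter, or '' if absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("errorDetail", [])
    # If the parameter is repeated, only the first occurrence is used.
    return values[0] if values else ""


def for_log(detail: str) -> str:
    """Single-line, length-bounded form for a log record."""
    return _CONTROL_CHARS.sub(" ", detail)[:MAX_DETAIL_LEN]


def for_html(detail: str) -> str:
    """Length-bounded, HTML-escaped form for element content or attributes."""
    return html.escape(for_log(detail), quote=True)


# Constructed sample: a redirect to a hypothetical InErrorResource URL whose
# errorDetail carries a line break and markup relayed from the IdP message.
SAMPLE = ("https://app.example.com/sso/error?errorDetail="
          "Access+denied%0D%0A%3Cb%3Eby+policy%3C%2Fb%3E")

if __name__ == "__main__":
    raw = extract_error_detail(SAMPLE)
    print("log :", for_log(raw))
    print("html:", for_html(raw))
```
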

Steps

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Connections.

  2. Click the name of the connection to open it in the IdP Connection window.

  3. On the Activation & Summary tab, scroll down to the Protocol Settings section, then click Overrides.

  4. On the Overrides tab, in the Error Handling section, select the Passthrough Errors checkbox.

  5. Click Save to complete the configuration.

    Alternatively, click Next to continue with the rest of the connection settings.