Index: client/singlesignon_client.module
===================================================================
--- client/singlesignon_client.module	(revision 6801)
+++ client/singlesignon_client.module	(working copy)
@@ -182,6 +182,12 @@
       $action = 'user/login';
       // Ensure the block submits to the stand-alone form.
       $form['form_id']['#value'] = 'user_login';
+      $i = 0;
+      // Set any login errors that may have been returned from the controller site.
+      while (isset($_GET['ssologinerror'. $i])) {
+        form_set_error('', filter_xss($_GET['ssologinerror'. $i]));
+        ++$i;
+      }
       break;
   }
 
Index: controller/singlesignon_controller.module
===================================================================
--- controller/singlesignon_controller.module	(revision 6801)
+++ controller/singlesignon_controller.module	(working copy)
@@ -55,11 +55,24 @@
     case 'user_pass':
     case 'user_login_block':
     case 'user_login':
+      $form['#validate'][] = 'singlesignon_controller_user_form_validate';
       $form['#submit'][] = 'singlesignon_controller_user_form_submit';
       break;
   }
 }
 
+function singlesignon_controller_user_form_validate($form, &$form_state) {
+  // Pass login errors back to the origin site.
+  if ($errors = form_get_errors()) {
+    list ($url, $query) = explode('?', $_GET['origin'], 2);
+    foreach($errors as $key => $error) {
+      $errors[$key] = urlencode($error);
+    }
+    $query .= '&ssologinerror0='. implode('&ssologinerror='. $i++, $errors);
+    drupal_goto($url .'/user/login', $query);
+  }
+}
+
 /**
  * Submit callback for user forms redirect.
  *
Index: singlesignon.inc
===================================================================
--- singlesignon.inc	(revision 6801)
+++ singlesignon.inc	(working copy)
@@ -141,7 +141,10 @@
 function singlesignon_build_query($arguments) {
   $query = array();
   foreach ($arguments as $key => $value) {
-    $query[] = urlencode($key) .'='. urlencode($value);
+    // Don't pass error messages back to the controller
+    if (strpos($key, 'ssologinerror') !== 0) {
+      $query[] = urlencode($key) .'='. urlencode($value);
+    }
   }
   $query = implode('&', $query);