Currently, if the option to auto-provision users is not selected, and an unprovisioned user attempts to authenticated via SAML, they are redirected to the homepage.

This is problematic because in many cases, the homepage contains protected content and the user might get a generic access denied message, or even caught in an endless redirect loop for site that are configured to redirect 403 pages for unauthenticated users to SAML. The user also gets no additional information about why they weren't able to log in (related: #2296093: User not seeing the "Not yet entitled to access the site")

I think many sites could benefit from this redirect page being configurable. Patch to follow.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Dane Powell created an issue. See original summary.

Dane Powell’s picture

Dane Powell’s picture

Whoops, missed the fact that $config is available via service injection

Wilfred Waltman’s picture

Rerolled for version 3.1.0

Maico de Jong’s picture

Rerolled for latest dev and 3.2.0

Was having the same issue as mentioned in #2296093, configurable is a good alternative for me.

marcvangend’s picture

Status: Needs review » Reviewed & tested by the community

Patch works as advertised. Good to see that the default config and config schema files have not been forgotten. Thanks all.

manikandank03’s picture

Patch #5 works fine for me.