Section numbers correspond to the eGov 2.0 draft profile.
2.5.3.1
Responses to Authentication Failure
Description
To complete this Test Case, the IdP under test must receive an authentication request for a User it cannot or will not authenticate. The cause of this authentication failure is not relevant but is expected to be an event such as:
- The user chooses to cancel the authentication process.
- The user identity does not exist or the number of failed login attempts has been exceeded.
- The user forgets his/her password and must wait for an email containing the password.
Preconditions
- Metadata exchanged and loaded
- Encryption disabled
- User Identities Not Federated
Test Sequence
1. AuthnRequest from SP to IdP, Redirect Binding, Federate
User/SP attempts Single Sign-On with Persistent Name Identifier with AllowCreate set to true. SP communication to the IdP for the SAML request is through HTTP-Redirect binding. IdP does not recognize User and thus cannot authenticate user.
IdP CONFIRM: User is not authenticated.
2. Response Failure
Being unable to authenticate User, IdP returns SAML Response with error indicating AuthnRequest failed.
SP CONFIRM: IdP returns SAML Response indicating authentication error.