ADFS Custom 401 Error Page for denied Access
Hi derSchweiger,
It is possible to display a custom 401 error page if a user is not permitted to access a certain SAML/OIDC application due to the applied access policy.
To do this, you need to configure a custom error page in ADFS:
1. Open the ADFS Management Console.
2. Go to Policies > Claims Providers > Edit Claim Provider for the claim provider that you want to configure.
3. In the Claims Provider Properties dialog box, go to the Advanced tab.
4. In the Custom Error Pages section, click Add.
5. In the Add Custom Error Page dialog box, enter the following information:
Error Code: 401
6. Error Page URL: The URL of your custom error page.
7. Click OK to save your changes.
Once you have configured a custom error page, you need to make sure that the application that you are trying to access is configured to use the ADFS claims provider:
1. Open the application's configuration file.
2. Locate the section that configures the ADFS claims provider.
3. Add the following attribute to the ClaimsProvider element:
custom-error-page="https://YOUR_ADFS_SERVER/adfs/ls/idpinitiatedsignon.aspx?error-code=401"
Replace YOUR_ADFS_SERVER with the URL of your ADFS server.
Once you have made this change, save the configuration file and restart the application.
When a user tries to access the application and they are not permitted to access it, they will be redirected to the custom error page that you configured in ADFS:
<!DOCTYPE html>
<html>
<head>
<title>Access Denied</title>
</head>
<body>
<h1>Access Denied</h1>
<p>You are not permitted to access this application.</p>
</body>
</html>
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic