If my application is responsible for redirecting/doing a single sign on to a destination managed by a third party, in general, where should I draw the line for error handling during this process? If an error happens on the other application's end, is it reasonable for my stakeholder to expect the application I am working with to share responsibility for handling these scenarios? Notes: I am going to keep solutions limited to those that entail only one request--I am familiar with the "do an xmlhttprequest and see how that fares before doing anything else" approach. I am speaking in terms of an enterprise-level application with fairly decent customer traffic.