diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index ee01d8460..f7df7bd86 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -10,6 +10,7 @@
 namespace OCA\User_SAML\AppInfo;
 use OC\Security\CSRF\CsrfTokenManager;
+use OC\User\DisabledUserException;
 use OC\User\LoginException;
 use OC_User;
 use OCA\DAV\Events\SabrePluginAddEvent;
@@ -85,6 +86,7 @@ public function boot(IBootContext $context): void {
 CsrfTokenManager $csrfTokenManager,
 GroupBackend $groupBackend,
 UserBackend $userBackend,
+ LoggerInterface $logger,
 bool $isCLI,
 ): void {
 $groupManager->addBackend($groupBackend);
@@ -119,12 +121,14 @@ public function boot(IBootContext $context): void {
 if ($request->getPathInfo() === '/apps/user_saml/saml/error') {
 return;
 }
+ /** @psalm-suppress UndefinedClass */
 $targetUrl = $urlGenerator->linkToRouteAbsolute(
 'user_saml.SAML.genericError',
 [
- 'message' => $e->getMessage()
+ 'reason' => $e instanceof DisabledUserException ? 'userDisabled' : 'authFailed',
 ]
 );
+ $logger->error('Login failure', ['exception' => $e]);
 header('Location: ' . $targetUrl);
 exit();
 }
@@ -142,7 +146,7 @@ public function boot(IBootContext $context): void {
 $targetUrl = $urlGenerator->linkToRouteAbsolute(
 'user_saml.SAML.genericError',
 [
- 'message' => $l10n->t('This user account is disabled, please contact your administrator.')
+ 'reason' => 'userDisabled',
 ]
 );
 header('Location: ' . $targetUrl);
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index b4cc693b6..c6120ea26 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
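Review bot: The added `$logger->error('Login failure', ['exception' => $e]);` in the `-119,12` hunk logs every caught failure with the same message and level, so a disabled account and a genuine authentication failure look identical to whoever triages the log. The branch already separates `DisabledUserException` for the `reason` value, so that value could be assigned once and reused, e.g. `$logger->error('SAML login failed: ' . $reason, ['exception' => $e]);`. The other redirect, in the `-142,7` hunk, sends `'reason' => 'userDisabled'` without any log entry, which looks inconsistent. The `@psalm-suppress UndefinedClass` docblock would also benefit from a few words on why Psalm cannot see the class. The enclosing closure in `boot()` starts and ends outside these hunks.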
@@ -547,10 +547,13 @@ public function notPermitted(): Http\TemplateResponse {
 #[PublicPage]
 #[NoCSRFRequired]
 #[OnlyUnauthenticatedUsers]
- public function genericError(string $message): Http\TemplateResponse {
- if (empty($message)) {
- $message = $this->l->t('Unknown error, please check the log file for more details.');
- }
+ public function genericError(string $reason): Http\TemplateResponse {
+ $allowedMessages = [
+ 'userDisabled' => $this->l->t('This user account is disabled, please contact your administrator.'),
+ 'authFailed' => $this->l->t('Authentication failed.'),
+ ];
+
+ $message = $allowedMessages[$reason] ?? $this->l->t('Unknown error, please check the log file for more details.');
 return new Http\TemplateResponse($this->appName, 'error', ['message' => $message], 'guest');
 }
diff --git a/tests/unit/Controller/SAMLControllerTest.php b/tests/unit/Controller/SAMLControllerTest.php
index 0d490652d..fd2a3e143 100644
--- a/tests/unit/Controller/SAMLControllerTest.php
+++ b/tests/unit/Controller/SAMLControllerTest.php
@@ -327,7 +327,8 @@ public function testGenericError(string $messageSend, string $messageExpected):
 public static function dataTestGenericError(): \Generator {
 yield ['messageSend' => '', 'messageExpected' => 'Unknown error, please check the log file for more details.'];
- yield ['messageSend' => 'test message', 'messageExpected' => 'test message'];
+ yield ['messageSend' => 'userDisabled', 'messageExpected' => 'This user account is disabled, please contact your administrator.'];
+ yield ['messageSend' => 'authFailed', 'messageExpected' => 'Authentication failed.'];
 }
 #[DataProvider('dataTestGetSSODisplayName')]
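Review bot: The reason codes `'userDisabled'` and `'authFailed'` are bare string literals in `$allowedMessages` and again in lib/AppInfo/Application.php, so a typo or later rename on either side silently falls through to the "Unknown error" text. Shared class constants, e.g. `public const REASON_USER_DISABLED = 'userDisabled';`, would keep the redirect and this allowlist in step. A short docblock on `genericError` would also help, saying that `$reason` arrives from the request on a `#[PublicPage]` route and is used only as a lookup key, so that free text is not rendered again later.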
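Review bot: `dataTestGenericError` no longer has a case for an unrecognised, non-empty reason, which is exactly the input the new allowlist in `genericError` is there to neutralise. Keeping the removed input with the fallback as its expected output would pin that behaviour: `yield ['messageSend' => 'test message', 'messageExpected' => 'Unknown error, please check the log file for more details.'];`. The `messageSend` key now carries a reason code rather than a message, but renaming it would also touch the test method signature, which is outside this hunk.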