saml-dev message

Subject: RE: [saml-dev] SOAP Basic Authentication Handling in SAML 1.1


 


From: Darren Platt [mailto:dplatt@pingidentity.com]
Sent: Friday, January 14, 2005 4:38 PM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] SOAP Basic Authentication Handling in SAML 1.1

I’ve got a question about the correct behavior WRT Basic Authentication of the SOAP channel in SAML 1.1.

 

When a relying party and asserting party are configured to use Basic authentication for the SOAP channel, if the relying party sends a SOAP request to an asserting party without the header that includes the username and password, how should the asserting party respond? Should it return a 401 or a 403? At the interop event at the RSA show, we found that different implementations acted differently, leading to issues with interoperability. I couldn’t find any mention of the correct behavior in the SAML or SOAP specs.

 

Thanks,


Darren

 

-----------------------------------------------

Darren Platt

Director of Solutions Architecture

Ping Identity Corporation

dplatt@pingidentity.com

Direct: 303.468.2853

Mobile: 303.775.6212 
