[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SOAP Basic Authentication Handling in SAML 1.1
From: Darren Platt [mailto:dplatt@pingidentity.com] Sent: Friday, January 14, 2005 4:38 PM To: saml-dev@lists.oasis-open.org Subject: [saml-dev] SOAP Basic Authentication Handling in SAML 1.1 I’ve got a question about the
correct behavior WRT Basic Authentication of the SOAP channel in SAML
1.1. When a relying party and asserting
party are configured to use Basic authentication for the SOAP channel, if the
relying party sends a SOAP request to an asserting party without the header that
includes the username and password, how should the asserting party respond?
Should it return a 401 or a 403? At the interop event at the RSA
show, we found that different implementations acted differently leading to
issues with interoperability. I couldn’t find any mention of the
correct behavior in the SAML or SOAP specs. Thanks,
----------------------------------------------- Darren
Platt Director of Solutions
Architecture Ping Identity
Corporation dplatt@pingidentity.com Direct:
303.468.2853 <a href="http://www.avidware.net/">Windows
2003 Clustering Server</a> |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]