[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Errors with HTTP redirect Binding
> Specifications for redirect binding says : > > "HTTP interactions during the message exchange MUST NOT use HTTP error > status codes to indicate > failures in SAML processing, since the user agent is not a full party to > the SAML protocol exchange." > > If a SP receive a request with this binding and the URI indicated in the > issuer element of the request is unknown, the SP can't guess the URL of > the sender and then, can't send any response to it. So the only way is to > send an HTTP error status... Is it a contradiction with preceding "MUST > NOT" ? No, the only way to signal a failure is to the client. There's no value in using an HTTP error for that, it won't mean anything to the client that would result in a reasonable message. You should send back HTML or do whatever you would do in similar situations. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]