Subject: RE: [saml-dev] Re: SAML Response Status Codes for User exceeding max permitted attempts
The proper way to handle this (IMO) is to set a top-level status code of urn:oasis:names:tc:SAML:2.0:status:Responder and a second-level status code of urn:oasis:names:tc:SAML:2.0:status:AuthnFailed.

If additional details need to be provided, they should be placed into the optional <StatusMessage> or <StatusDetail> elements. Note that it is normally a significant security risk to provide this much detail about an authentication request and most IdP implementations shouldn't/won't send it. This falls in the category of leaking too much information to a potential attacker.

Rob Philpott
RSA, the Security Division of EMC

From: Siddhartha Purkayastha [mailto:kpsiddharth@gmail.com]

I went through the 2.0 documentation - and apparently, there isn't such a status. So my question should probably have been what would be the best way to inform the requester for such a status?

2009/1/21 Siddhartha Purkayastha <kpsiddharth@gmail.com>

Hello All -
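The layered status Rob describes, as an added Python example (not code from the thread or from any SAML library): it builds the <samlp:Status> for the lockout case with the nested Responder/AuthnFailed codes, leaves out <StatusMessage> unless the IdP explicitly opts in, and parses the result back the way an SP would. Function names are my own.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
STATUS_AUTHN_FAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
ET.register_namespace("samlp", SAMLP)


def _tag(local):
    # Clark-notation tag for an element in the samlp namespace
    return f"{{{SAMLP}}}{local}"


def build_status(top_level, second_level=None, message=None):
    """Return a <samlp:Status> element with nested StatusCode values.
    'message' is only emitted when given, so the default response carries
    no explanation of the failure."""
    status = ET.Element(_tag("Status"))
    code = ET.SubElement(status, _tag("StatusCode"), Value=top_level)
    if second_level:
        ET.SubElement(code, _tag("StatusCode"), Value=second_level)
    if message:
        ET.SubElement(status, _tag("StatusMessage")).text = message
    return status


def lockout_status(detail=None):
    """Serialized Status for a user who exceeded the permitted attempts:
    Responder at the top level, AuthnFailed at the second level."""
    status = build_status(STATUS_RESPONDER, STATUS_AUTHN_FAILED, detail)
    return ET.tostring(status, encoding="unicode")


def parse_status(xml_text):
    """SP side: return (top_level, second_level, message) from a Status,
    with None for the parts that are absent."""
    root = ET.fromstring(xml_text)
    status = root if root.tag == _tag("Status") else root.find(_tag("Status"))
    top = status.find(_tag("StatusCode"))
    second = top.find(_tag("StatusCode"))
    msg = status.find(_tag("StatusMessage"))
    return (
        top.get("Value"),
        second.get("Value") if second is not None else None,
        msg.text if msg is not None else None,
    )


if __name__ == "__main__":
    print(lockout_status())
    print(parse_status(lockout_status()))
```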