[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Authentication Responses
Hi there; I’m new to the list so I apologize if this
question has been asked before; although I’ve done a quick scan in the
archive and haven’t found an entirely relevant thread… I have a question about when the WebSSO profile requires
an Authentication Response. The SAML2 profiles document section 4.1.4.1 states: “If the identity provider cannot or will not satisfy
the request, it MUST respond with a <Response> message containing an
appropriate error status code or codes.” We have a case where the Login Page at the Identity Provider
may take the user into other flows initiated by the user, such as registering
for a new credential. Is the IdP obligated to respond with a authentication
response to the SP? As an additional example, during an authentication request
initiated by the SP to the IdP, if the user (Brower), while at the IdP were to
navigate to google.com or move to a registration flow to create a new
credential or enter a locked out state, does this scenario require a mandatory
response to the SP using an HTTP Post Binding (referencing section 4.1.4.1 in
the SAML Specification)? Under what situation(s) do I NOT have to respond back with a
SAML response? Thanks! |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]