[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] sstc-saml-profiles-2.0-figures-01.pdf
I understand. My point was there was no *guaranteed* response (in case
of failure). However, I found the section in Core that defines that
failure behavior and clarified my question about this profile.
Thanks,
Mike
-----Original Message-----
From: Jeff Hodges [mailto:Jeff.Hodges@Sun.COM]
Sent: Monday, July 26, 2004 4:40 PM
To: oasis sstc
Subject: Re: [security-services] sstc-saml-profiles-2.0-figures-01.pdf
Beach, Michael C wrote:
> Question:
>
> On page 2 for Logout functionality, I assume 4. <LogoutResponse> may
> not occur?
From this section of sstc-saml-profiles-2.0-draft-17...
1145: 4.4.3.4 Session Participant/Authority issues <LogoutResponse> to
Identity
Provider
The session participant/authority MUST process the <LogoutRequest>
message as defined in [SAMLCore]. After processing the message or upon
encountering an error, the entity MUST issue a <LogoutResponse> message
containing an appropriate status code to the requesting identity
provider to complete the SAML protocol exchange.
..it looks like that step must occur.
JeffH
To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/security-services/members/l
eave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]