[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Stateless Conformity To SAML
> Yes, my mistake - mgmt not mapping. I was looking for the return status > to the mgmt request to indicate "unwilling" and wound up in the mapping > section inadvertently. So, is the status for "unwilling to write ID > change" still InvalidNameIDPolicy, or is it something more meaningful I > did not find? Well, metadata for an SP that didn't support the profile should obviously not claim to support the profile. Thus, you'd never get such a request. Note that this is basically true even if you're not using the SAML metadata spec. Metadata is just a formal way of doing what people have to do out of band otherwise, so same thing applies. This ties into my earlier note, we would need to make sure that the schema is accurate wrt conformance. Apart from that, you could always return RequestDenied. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]