[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Created: (SECURITY-6) Conflict with core inSSO profile on returning error Responses to SP
Conflict with core in SSO profile on returning error Responses to SP -------------------------------------------------------------------- Key: SECURITY-6 URL: http://tools.oasis-open.org/issues/browse/SECURITY-6 Project: OASIS Security Services (SAML) TC Issue Type: Bug Components: Profiles Affects Versions: Version 2.0 Reporter: Scott Cantor Priority: Minor Fix For: 2.0 incorporating Approved Errata Section 3.4.1.4 of Core states that "The responder MUST ultimately reply to an <AuthnRequest> with a <Response> message..." regardless of success or failure. Section 4.1.3.5 of Profiles reads "Regardless of the success or failure of the <AuthnRequest>, the identity provider SHOULD produce an HTTP response to the user agent containing a <Response> message...". The conflicting language should be clarified, without imposing the impossible requirement for an IdP to guarantee a response, but to encourage implementers to favor responses and/or provide options to ensure that. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]