Subject: SOAP Basic Authentication Handling in SAML 1.1
I’ve got a question about the correct behavior WRT Basic Authentication of the SOAP channel in SAML 1.1.

When a relying party and asserting party are configured to use Basic authentication for the SOAP channel, if the relying party sends a SOAP request to an asserting party without the header that includes the username and password, how should the asserting party respond? Should it return a 401 or a 403?

At the interop event at the RSA show, we found that different implementations acted differently leading to issues with interoperability. I couldn’t find any mention of the correct behavior in the SAML or SOAP specs.

Thanks,
-----------------------------------------------
Darren Platt
Director of Solutions Architecture
Ping Identity Corporation
dplatt@pingidentity.com
Direct: 303.468.2853