OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Errors with HTTP redirect Binding



Specifications for redirect binding says :

"HTTP interactions during the message exchange MUST NOT use HTTP error status codes to indicate
failures in SAML processing, since the user agent is not a full party to the SAML protocol exchange."

If a SP receive a request with this binding and the URI indicated in the issuer element of the request is unknown, the SP can't guess the URL of the sender and then, can't send any response to it. So the only way is to send an HTTP error status... Is it a contradiction with preceding "MUST NOT" ?


Valérie

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]