Subject: Re: [saml-dev] Errors with HTTP redirect Binding
On 6/13/07, valerie.bauche@bull.net <valerie.bauche@bull.net> wrote:
>
> Specifications for redirect binding say:
>
> "HTTP interactions during the message exchange MUST NOT use HTTP error
> status codes to indicate failures in SAML processing, since the user
> agent is not a full party to the SAML protocol exchange."
>
> If an SP receives a request with this binding and the URI indicated in the
> issuer element of the request is unknown, the SP can't guess the URL of the
> sender and then, can't send any response to it. So the only way is to send
> an HTTP error status... Is it a contradiction with preceding "MUST NOT"?

Do you mean IdP above? In any event, IdP behavior depends on the profile, and in the case of the Web Browser SSO Profile, section 4.1.4.1 in SAMLProf is definitive:

"If the identity provider cannot or will not satisfy the request, it MUST respond with a <Response> message containing an appropriate error status code or codes."

Did you have some other use of the Redirect Binding in mind?

Hope this helps,
Tom
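An added illustration, not part of the original message or of any SAML implementation: a sketch of the error `<Response>` that the quoted SAMLProf sentence requires, with a nested status code, and of how the receiving side reads the code chain. The function names, entity ID, URLs and request ID are hypothetical, and the sketch assumes the requester's assertion consumer service URL is already known to the identity provider.

```python
import datetime
import uuid
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_error_response(idp_entity_id, in_response_to, destination,
                         top="Responder", sub="RequestDenied", message=None):
    """Build a <samlp:Response> that carries only an error <Status>, no assertion."""
    # SAML core requires the outermost code to be one of the top-level values.
    if top not in ("Requester", "Responder", "VersionMismatch"):
        raise ValueError("not a SAML 2.0 top-level error status code")
    now = datetime.datetime.now(datetime.timezone.utc)
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "InResponseTo": in_response_to,   # ties the error to the failed request
        "Destination": destination,       # assumed known (hypothetical ACS URL)
    })
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = idp_entity_id
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    code = ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": STATUS + top})
    if sub:  # optional second-level code nested inside the top-level one
        ET.SubElement(code, f"{{{SAMLP}}}StatusCode", {"Value": STATUS + sub})
    if message:
        ET.SubElement(status, f"{{{SAMLP}}}StatusMessage").text = message
    return ET.tostring(resp, encoding="unicode")

def status_codes(response_xml):
    """Receiving side: return the status code chain, outermost first.
    Real deployments parse untrusted XML with a hardened parser and
    validate the message before acting on it."""
    node = ET.fromstring(response_xml).find(
        f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    codes = []
    while node is not None:
        codes.append(node.get("Value"))
        node = node.find(f"{{{SAMLP}}}StatusCode")
    return codes

if __name__ == "__main__":
    # Constructed sample values.
    print(build_error_response("https://idp.example.org/idp", "_req-1234",
                               "https://sp.example.com/acs"))
```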