Subject: Re: [saml-dev] Errors with HTTP redirect Binding


On 6/13/07, valerie.bauche@bull.net <valerie.bauche@bull.net> wrote:
>
> Specifications for redirect binding say:
>
> "HTTP interactions during the message exchange MUST NOT use HTTP error
> status codes to indicate
> failures in SAML processing, since the user agent is not a full party to the
> SAML protocol exchange."
>
> If an SP receives a request with this binding and the URI indicated in the
> issuer element of the request is unknown, the SP can't guess the URL of the
> sender and then, can't send any response to it. So the only way is to send
> an HTTP error status... Is it a contradiction with the preceding "MUST NOT"?

Do you mean IdP above?  In any event, IdP behavior depends on the
profile, and in the case of the Web Browser SSO Profile, section
4.1.4.1 in SAMLProf is definitive:

"If the identity provider cannot or will not satisfy the request, it
MUST respond with a <Response> message containing an appropriate error
status code or codes."

Did you have some other use of the Redirect Binding in mind?

Hope this helps,
Tom
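
The exchange discussed in this thread, as an added example that is not part of the original messages: an IdP decodes a Redirect Binding request, looks up the issuer, and reports the failure in a `<Response>` status rather than an HTTP error code. The trust store, URLs, helper names, the Responder/RequestDenied status pair and the base64-only (POST-style) encoding of the response are assumptions of this sketch; signing is omitted.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs, quote

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
ET.register_namespace("samlp", P)

# Constructed trust store (hypothetical values): issuer entityID -> registered ACS URL.
KNOWN_SPS = {"https://sp.example.org/metadata": "https://sp.example.org/acs"}

def make_redirect_url(issuer):
    """Build a constructed sample request URL: raw DEFLATE, base64, URL-encode."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" '
           'Version="2.0" IssueInstant="2007-06-13T00:00:00Z">'
           '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>' % (P, A, issuer)).encode()
    c = zlib.compressobj(wbits=-15)
    packed = base64.b64encode(c.compress(xml) + c.flush())
    return "https://idp.example.org/sso?SAMLRequest=" + quote(packed, safe="")

def decode_redirect(url):
    """Recover the request XML from a Redirect Binding URL: base64, then inflate."""
    raw = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    # Cap the inflated size so a hostile request cannot act as a decompression bomb.
    xml = zlib.decompressobj(-15).decompress(raw, 64 * 1024)
    return ET.fromstring(xml)  # production code should use a hardened XML parser

def error_response(request_url):
    """Return (acs_url, base64 <Response>) that reports failure via SAML status codes."""
    req = decode_redirect(request_url)
    issuer = (req.findtext("{%s}Issuer" % A) or "").strip()
    acs = KNOWN_SPS.get(issuer)
    if acs is None:
        # Unknown issuer, the case raised in the question: there is no registered
        # destination, and this sketch never falls back to a URL from the request.
        return None, None
    resp = ET.Element("{%s}Response" % P, {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "InResponseTo": req.get("ID", ""), "Destination": acs})
    status = ET.SubElement(resp, "{%s}Status" % P)
    top = ET.SubElement(status, "{%s}StatusCode" % P, {"Value": STATUS + "Responder"})
    ET.SubElement(top, "{%s}StatusCode" % P, {"Value": STATUS + "RequestDenied"})
    return acs, base64.b64encode(ET.tostring(resp)).decode()  # unsigned in this sketch
```
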

