OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Errors with HTTP redirect Binding

> Specifications for redirect binding says :
> "HTTP interactions during the message exchange MUST NOT use HTTP error
> status codes to indicate
> failures in SAML processing, since the user agent is not a full party to
> the SAML protocol exchange."
> If a SP receive a request with this binding and the URI indicated in the
> issuer element of the request is unknown, the SP can't guess the URL of
> the sender and then, can't send any response to it. So the only way is to
> send an HTTP error status... Is it a contradiction with preceding "MUST
> NOT" ?

No, the only way to signal a failure is to the client. There's no value in
using an HTTP error for that, it won't mean anything to the client that
would result in a reasonable message. You should send back HTML or do
whatever you would do in similar situations.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]