OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Authentication Responses

Hi there; I’m new to the list so I apologize if this question has been asked before; although I’ve done a quick scan in the archive and haven’t found an entirely relevant thread…


I  have a question about when the  WebSSO profile requires an Authentication Response.


The SAML2 profiles document section states:


“If the identity provider cannot or will not satisfy the request, it MUST respond with a <Response> message containing an appropriate error status code or codes.”


We have a case where the Login Page at the Identity Provider may take the user into other flows initiated by the user, such as registering for a new credential.  Is the IdP obligated to respond with a authentication response to the SP?


As an additional example, during an authentication request initiated by the SP to the IdP, if the user (Brower), while at the IdP were to navigate to google.com or move to a registration flow to create a new credential or enter a locked out state, does this scenario require a mandatory response to the SP using an HTTP Post Binding (referencing section in the SAML Specification)?


Under what situation(s) do I NOT have to respond back with a SAML response?






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]