OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Rejecting Saml Requests (SOAP Binding0

Title: Message
It seems that from bindings 313-314, that if a Saml Responder or Provider cannot process the request, then it would send a soap fault (vs. a SAML response msg)So some examples of this include:
- the issuer name is not recognized at all.
- requeset was not signed, but signature was required.
- signature was incorrect.
- the Destination attribute of the request did not match the url the request was sent to.
The one that I'm not clear on is:
- the version was not correct (e.g., the requested major version is higher or minor version is higher and we don't handle that, or the major version is lower). The core spec (ch 4) says we should reject the request when there are issues with the major versions. But it's not clear what reject means  (pehaps I missed it in the spec). One could treat is as above and send back a soap fault. But chapter 4 talks about possibly using the Status second level code Version..... So this implies a Saml msg could be sent back. So is the actual response (soap fault vs. Saml msg) up to the implementer?
Thanks, Tom.

Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Securing Digital Identities
& Information


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]