
security-services message


Subject: RE: [security-services] Rejecting Saml Requests (SOAP Binding)

> It seems that from bindings 313-314, that if a Saml Responder 
> or Provider cannot process the request, then it would send a 
> soap fault (vs. a SAML response msg). So some examples of 
> this include:
> - the issuer name is not recognized at all.
> - request was not signed, but signature was required.
> - signature was incorrect.
> - the Destination attribute of the request did not match the 
> url the request was sent to.

Umm, not really. Those to me would all be SAML errors, and handled with SAML
responses. SOAP faults are reserved for transport layer concerns like
"malformed message". In ours, as soon as I parse the SAML successfully,
further errors are returned in the SAML domain.

> talks about possibly using the Status second level code 
> Version..... So this implies a Saml msg could be sent back. 
> So is the actual response (soap fault vs. Saml msg) up to the 
> implementer?

Ultimately, but version errors in the SAML domain are supposed to be SAML

-- Scott
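
The split described in the reply above, sketched as an added example that is not part of the original message or of any SAML implementation's code: a SOAP fault only while no SAML request could be parsed, and a SAML status for every error after that. The issuer allow-list, the endpoint URL, the Requester/RequestDenied mapping and the `sample()` helper are assumptions, and the signature check is presence-only.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
KNOWN_ISSUERS = {"https://sp.example.org"}  # constructed value
ENDPOINT = "https://idp.example.org/soap"   # constructed value


def classify(raw, received_at=ENDPOINT):
    """Return ("soap-fault", reason) or ("saml-status", top, second, reason)."""
    # Transport layer: nothing parseable as a SAML request, so no SAML reply is possible.
    if b"<!DOCTYPE" in raw:  # refuse DTDs before parsing (entity expansion)
        return ("soap-fault", "DTD not allowed")
    try:
        env = ET.fromstring(raw)
    except ET.ParseError:
        return ("soap-fault", "malformed message")
    body = env.find(f"{{{SOAP}}}Body") if env.tag == f"{{{SOAP}}}Envelope" else None
    req = body[0] if body is not None and len(body) == 1 else None
    if req is None or not req.tag.startswith(f"{{{SAMLP}}}"):
        return ("soap-fault", "no SAML request in SOAP body")

    # SAML domain: the request parsed, so every later error is a SAML status.
    def deny(why):  # assumed mapping: Requester / RequestDenied
        return ("saml-status", STATUS + "Requester", STATUS + "RequestDenied", why)
    if req.get("Version") != "2.0":
        return ("saml-status", STATUS + "VersionMismatch", None, "unsupported version")
    if (req.findtext(f"{{{SAML}}}Issuer") or "").strip() not in KNOWN_ISSUERS:
        return deny("issuer not recognized")
    # Presence check only; cryptographic XML-DSig verification is omitted here
    # and a bad signature would be denied the same way.
    if req.find(f"{{{DSIG}}}Signature") is None:
        return deny("signature required")
    if req.get("Destination") not in (None, received_at):
        return deny("Destination mismatch")
    return ("saml-status", STATUS + "Success", None, "ok")


def sample(issuer="https://sp.example.org", signed=True, dest=ENDPOINT, version="2.0"):
    """Build a constructed, minimal (not schema-complete) SOAP-wrapped query."""
    sig = f'<ds:Signature xmlns:ds="{DSIG}"/>' if signed else ""
    return (f'<S:Envelope xmlns:S="{SOAP}"><S:Body><p:AttributeQuery xmlns:p="{SAMLP}" '
            f'xmlns:a="{SAML}" ID="_1" Version="{version}" Destination="{dest}">'
            f'<a:Issuer>{issuer}</a:Issuer>{sig}</p:AttributeQuery></S:Body></S:Envelope>').encode()
```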
