[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] SAMLCore errors in mandating some second-level status codes
|
When I’ve been dealing with this issue in Liberty specs I’m
editing, I prefer: If none of the specified classes or
declarations can be satisfied in accordance with the rules below, the responder
MUST return a <Response> message with a top-level <StatusCode>
value of …:Responder. If a second-level <StatusCode> is
included in the <Response> message it MUST have a value of “…:NoAuthnContext”.
In other words saying you can leave off the second level status
code, but if you do include one, it must be the one specified here. Conor “If
none of the specified classes or declarations can be satisfied in accordance
with the rules below, then the responder MUST return a <Response> message with a top-level
<StatusCode> value of urn:oasis:names:tc:SAML:2.0:status:Responder and MAY return a second-level <StatusCode> value of urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext.” |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]