[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Updated: (SECURITY-6) PE: Conflict with corein SSO profile on returning error Responses to SP
[ http://tools.oasis-open.org/issues/browse/SECURITY-6?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Scott Cantor updated SECURITY-6: -------------------------------- Summary: PE: Conflict with core in SSO profile on returning error Responses to SP (was: Conflict with core in SSO profile on returning error Responses to SP) > PE: Conflict with core in SSO profile on returning error Responses to SP > ------------------------------------------------------------------------ > > Key: SECURITY-6 > URL: http://tools.oasis-open.org/issues/browse/SECURITY-6 > Project: OASIS Security Services (SAML) TC > Issue Type: Bug > Components: Profiles > Affects Versions: Version 2.0 > Reporter: Scott Cantor > Priority: Minor > Fix For: 2.0 incorporating Approved Errata > > > Section 3.4.1.4 of Core states that "The responder MUST ultimately reply to an <AuthnRequest> with a <Response> message..." regardless of success or failure. > Section 4.1.3.5 of Profiles reads "Regardless of the success or failure of the <AuthnRequest>, the identity provider SHOULD produce an HTTP response to the user agent containing a <Response> message...". > The conflicting language should be clarified, without imposing the impossible requirement for an IdP to guarantee a response, but to encourage implementers to favor responses and/or provide options to ensure that. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]