Subject: RE: [security-services] Rejecting Saml Requests (SOAP Binding)
> Scott, sorry for the confusion. I did mean soap initially.
> Keeping with soap, are you saying that
> A) the responder should send back a saml msg with an invalid
> (Requester) top level status code?

For those cases, I would, yeah.

> And if so:
> B) does the spec say, in your opinion, you must do this vs.
> just returning a soap fault?

I think it's been the intent, but it's difficult to get the language right. I read 3.2.3.3 as pretty clearly saying SOAP faults are for SOAP errors and SAML errors are for, well, SAML errors. In the HTTP case, of course, there is no other real error to return, and the user experience suggests that you get control back to the message sender if at all possible and he's not attacking you or something.

-- Scott
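The split described in the message above, as an added example that is not part of the original post or of any SAML implementation: a responder that answers SOAP-layer failures with a SOAP fault and rejects a readable SAML request with a SAML response carrying a top-level Requester status. It assumes SOAP 1.1 and the SAML 2.0 protocol namespace and status URI; the helper names (`soap_fault`, `saml_error`, `reject`) and the exact point where the example draws the SOAP/SAML line are hypothetical.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"    # assumption: SOAP 1.1
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"        # assumption: SAML 2.0
REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"
ET.register_namespace("soapenv", SOAP)
ET.register_namespace("samlp", SAMLP)


def soap_fault(body, reason):
    """SOAP-layer error: the message could not be handled as SOAP at all."""
    fault = ET.SubElement(body, f"{{{SOAP}}}Fault")
    ET.SubElement(fault, "faultcode").text = "soapenv:Client"
    ET.SubElement(fault, "faultstring").text = reason


def saml_error(body, request, reason):
    """SAML-layer error: a SAML response whose top-level status is Requester."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    resp = ET.SubElement(body, f"{{{SAMLP}}}Response", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": now})
    if request.get("ID"):
        resp.set("InResponseTo", request.get("ID"))
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": REQUESTER})
    ET.SubElement(status, f"{{{SAMLP}}}StatusMessage").text = reason


def reject(raw, reason="request rejected"):
    """Build the SOAP envelope that rejects the incoming message `raw`."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    try:
        # Production code should parse untrusted XML with a hardened parser.
        children = list(ET.fromstring(raw).find(f"{{{SOAP}}}Body"))
    except (ET.ParseError, TypeError):      # not XML, or no SOAP Body
        soap_fault(body, "malformed SOAP message")
        return env
    if len(children) != 1 or not children[0].tag.startswith(f"{{{SAMLP}}}"):
        # Example's choice: no SAML request to answer, so stay at the SOAP layer.
        soap_fault(body, "SOAP body carries no SAML request")
        return env
    saml_error(body, children[0], reason)   # SAML error for a SAML problem
    return env
```

Serialize the result with `ET.tostring(reject(raw))` to see the envelope a requester would receive in each case.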