Setting up ECP in shibboleth SP
Anand Somani
meatforums at gmail.com
Mon Jan 2 23:08:26 GMT 2012
So is response (for auth failure in case of ECP) within the spec or not?
The reason I ask is if our customer wants to use another Idp, would our ECP
code be different because it handles the credential validation differently
so instead of a 401, it returns a proper SOAP with auth denied.
Thanks
On Fri, Dec 30, 2011 at 3:56 PM, Chad La Joie <lajoie at itumi.biz> wrote:
> That is the expected behavior currently. Authentication occurs
> outside the IdP so its the web server or servlet container giving you
> that error.
>
> On Fri, Dec 30, 2011 at 18:35, Anand Somani <meatforums at gmail.com> wrote:
> > Follow up question on the setup for ECP. Everything seems to work as
> > expected for a successful login, but for a bad password the client gets a
> > 401 and a html response body, I would have expected a SOAP response/fault
> > (from Idp) with a rejection/denied that I could pass to SP. Is this not
> the
> > correct expectation? Maybe my Idp setup is not complete, even though it
> > seems to work?
> >
> > Thanks
> >
> >
> > On Wed, Dec 21, 2011 at 5:56 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> >>
> >> For the sake of the list archive, the crash was in an old log4shib
> version
> >> that was fixed several years ago and has nothing to do with ECP in
> >> particular.
> >>
> >> -- Scott
> >>
> >> --
> >> To unsubscribe from this list send an email to
> >> users-unsubscribe at shibboleth.net
> >
> >
> >
> > --
> > To unsubscribe from this list send an email to
> > users-unsubscribe at shibboleth.net
>
>
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120102/606cc355/attachment.html
More information about the users
mailing list