IDP response message type on SP missing in metadata
Rainer Hoerbe
rainer at hoerbe.at
Mon May 16 14:28:27 EDT 2016
When an SP is sending an AuthnRequest to a Shib IDP, and the IDP cannot locate the SP’s entityID in its metadata, it will return an HTTP 400 with "The application you have accessed is not registered for use with this service“ in the body. I wonder if this is spec-comliant, because SAML core 3.4.1.4 is saying:
"The responder MUST ultimately reply to an <AuthnRequest> with a <Response> message containing one or more assertions that meet the specifications defined by the request, or with a<Response> message containing a <Status> describing the error that occurred."
Wouldn’t an XML <Response> be the correct answer?
- Rainer
More information about the users
mailing list