
mace-opensaml-users - RE: What should behavior be when assertion not found?

Subject: OpenSAML user discussion

  • From: Scott Cantor <>
  • To: 'Shannon Kendrick' <>,
  • Subject: RE: What should behavior be when assertion not found?
  • Date: Wed, 07 May 2003 16:46:46 -0400
  • Importance: Normal
  • Organization: The Ohio State University

> When an assertion is not found on the authenticating site
> during a browser/artifact profile, what should the SAML
> response return? Is there something akin to an
> AssertionNotFoundException?

In terms of SAML, there are only a few codes defined at the top level,
and probably this would be a samlp:Requester status, I would think. If
the profile documents a specific status be used, then that would be the
choice, obviously, but I don't think it does.

If you mean OpenSAML, I had to decide how to map exceptions to statuses,
and I originally chose to build an exception tree with the codes carried
along as data. I could have mapped the nested status structure to that
class tree, but I just haven't done that, so there isn't much use of
subcodes at this point.

I just throw errors out of different types based on what happened, and I
actually carry along in StatusDetail some information to allow the
proper exception class to be recognized from the XML, but that's a hack.

This stuff may be worth revisiting at some point.

What you're talking about really has to do with how you expose different
kinds of errors to the higher level code, and that isn't really defined
anywhere. Since the error you're talking about actually has to cross the
SOAP boundary, we would probably have to define a new exception subclass
of the name you suggest perhaps, and you would then have to pass that in
when you build the response. The caller of send() in the SOAP binding
would then receive that exception type.

Alternatively, you could rely on the subcodes and put something in there
when you build the exception and interrogate the SAMLException on the
other end to look for the subcode.

Probably for now I should just add a new exception for the case where
any query by artifact fails, and you could just use that. It doesn't
exist right now because I didn't have any code that could throw it.

-- Scott
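
Added example, not part of the message above and not OpenSAML code: a receiver-side sketch of the subcode approach the message describes, where a samlp:Requester status carries a nested subcode that is resolved as a QName and mapped to an exception class. The ex: namespace, the ArtifactNotFound subcode and both exception classes are assumptions made for illustration; the response XML is constructed.

```python
import io
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
EX_NS = "urn:example:saml:status"  # hypothetical namespace for a site-defined subcode

class SAMLStatusError(Exception):
    def __init__(self, codes):
        super().__init__(" / ".join(f"{{{ns}}}{name}" for ns, name in codes) or "no status")
        self.codes = codes  # (namespace, local name) pairs, top-level code first

class ArtifactNotFoundError(SAMLStatusError):
    """Hypothetical subclass for a failed query by artifact."""

SUBCODE_CLASSES = {(EX_NS, "ArtifactNotFound"): ArtifactNotFoundError}

def status_codes(xml_bytes):
    """Return the StatusCode chain as resolved QNames, outermost first."""
    scopes, codes = [], []
    events = ("start-ns", "end-ns", "start")
    # Constructed input only; parse untrusted XML with a hardened parser.
    for event, item in ET.iterparse(io.BytesIO(xml_bytes), events=events):
        if event == "start-ns":
            scopes.append(item)            # (prefix, uri) now in scope
        elif event == "end-ns":
            scopes.pop()
        elif item.tag == f"{{{SAMLP}}}StatusCode":
            prefix, _, local = item.get("Value", "").rpartition(":")
            uri = next((u for p, u in reversed(scopes) if p == prefix), None)
            codes.append((uri, local))
    return codes

def check_response(xml_bytes):
    """Return on Success; otherwise raise the most specific known exception."""
    codes = status_codes(xml_bytes)
    if codes and codes[0] == (SAMLP, "Success"):
        return
    for code in reversed(codes[1:]):       # innermost subcode first
        if code in SUBCODE_CLASSES:
            raise SUBCODE_CLASSES[code](codes)
    raise SAMLStatusError(codes)           # unknown or missing status fails closed

def sample(inner):  # constructed SAML 1.x response around a given Status body
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:ex="{EX_NS}" '
            f'MajorVersion="1" MinorVersion="0"><samlp:Status>{inner}'
            f'</samlp:Status></samlp:Response>').encode()

NOT_FOUND = sample('<samlp:StatusCode Value="samlp:Requester">'
                   '<samlp:StatusCode Value="ex:ArtifactNotFound"/></samlp:StatusCode>')
```

Comparing the resolved (namespace, local name) pair rather than the raw attribute string keeps the match correct when the sender binds a different prefix to the same namespace.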
