Skip to Content.
Sympa Menu

mace-opensaml-users - RE: How to set the status in a SAMLResponse?

Subject: OpenSAML user discussion

List archive

RE: How to set the status in a SAMLResponse?


Chronological Thread 
  • From: "Markus Lorch" <>
  • To: "'Scott Cantor'" <>, 'Brückler Peter' <>
  • Cc: <>
  • Subject: RE: How to set the status in a SAMLResponse?
  • Date: Mon, 21 Feb 2005 11:20:02 -0500
  • Importance: Normal

One suggestion:

If this is an authorization or authentication service you may not
want to tell the client why you failed. Thus for this case I would
recommend to create a SAMLException that contains NO details on why
the operation failed.

For example in an authorizaiton service that I worked on we first try
to return a valid "Indeterminate" response, only if we fail twice
creating such a response then we return something else than samlp:success
and even then we don't include any info on what happened (but we
protocoll it in detail on the server of course)

my 2 cents

Markus

> -----Original Message-----
> From: Scott Cantor
> [mailto:]
>
> Sent: Monday, February 21, 2005 11:08 AM
> To: 'Brückler Peter'
> Cc:
>
> Subject: RE: How to set the status in a SAMLResponse?
>
>
> > If you don't set anything, the value "samlp:Success" will be
> > used automatically, which is fine for the successful
> > scenario, but how to set other values?
>
> Just pass a SAMLException containing the information into the
> SAMLResponse
> constructor.
>
> -- Scott
>




Archive powered by MHonArc 2.6.16.

Top of Page