Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



  • AUTHORIZATION_FAILURE (e.g., entitlement, assurance)

  • REQ_AUTHN_CONTEXT (i.e., requested authentication class issue)

  • AUTHN_TOO_OLD (i.e., time sense authentication is too large)

  • SCOPE (needs further discussion, detected and filtered by at least Shib SP, not distinguished from MISSING_ATTRIBUTES by the application behind the SP in the proxy case)

Next steps: update Working Document; wrap up possible error states; consider any additional fields that will be required -- focus on what different information pages the IdP:s want to have! the error codes should be mapped one-to-one with that