Home | Public Area
#00122 Comment Details - RP-11-201x_ESPReSSO_for_comment.pdf
| Document Information | |||
| Title | ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On | ||
| File Name | RP-11-201x_ESPReSSO_for_comment.pdf | State | Draft |
| Date Added | 2011-05-22 18:46:54 | Revision Number | 0 |
| Submitter Name | Cynthia Hodgson | Size | 1MB |
| Comment Information | |||
| Summary | Handling failed authorizations |
State (Disposition) | New (Unresolved) |
| Date Added | 2011-06-22 08:56:29 | Last Updated | 2011-06-22 08:56:29 |
| Submitter Name | Bernd Oberknapp | Assigned To | Unassigned |
| Company Name | Freiburg University Library | Response | None |
| Interest Category | Category | Substantive | |
| Origin | Public Review | Section, Page, Line | |
| Item | Item Description | ||
| Submitter Comment |
If a user tries to access a resource at a SP the authorization at the SP can fail. For example many IdPs have users who aren't members of the institution and therefore aren't entitled to access content licensed only for members of the institution. In this case the user can login at the IdP but the authorization at the SP will fail. Currently many SPs don't handle this case properly. For example some SPs treat the user as unauthenticated or prompt the user to login again without informing the user that the authorization has failed. |
| Submitter Proposed Solution |
A recommendation for this case should be added. If the authorization fails the SP must inform the user that according to the information provided by his institution he isn't entitled to access the resource he's trying to access. |