Comment #00122 - Handling failed authorizations - RP-11-201x_ESPReSSO_for_comment.pdf

Comment 122
New (Unresolved)
ESPReSSO: Establishing Suggested Practices Regarding Single Sign-On (Revision 0)
Comment Submitted by
Bernd Oberknapp
2011-06-22 08:56:29
If a user tries to access a resource at an SP, the authorization at the SP can fail. For example, many IdPs have users who aren't members of the institution and therefore aren't entitled to access content licensed only for members of the institution. In this case the user can log in at the IdP, but the authorization at the SP will fail. Currently many SPs don't handle this case properly. For example, some SPs treat the user as unauthenticated or prompt the user to log in again without informing the user that the authorization has failed.
Submitter Proposed Solution
A recommendation for this case should be added. If the authorization fails, the SP must inform the user that, according to the information provided by his institution, he isn't entitled to access the resource he's trying to access.
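
The distinction the comment asks for, sketched as an added example (not part of the comment or of the ESPReSSO document): an SP-side decision function that keeps "no session" and "authenticated but not entitled" as separate outcomes. The license table, affiliation values, entity ID and all names are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Outcome(Enum):
    GRANT = "grant"
    START_LOGIN = "start_login"            # no SSO session yet
    DENY_WITH_NOTICE = "deny_with_notice"  # logged in, but not entitled


@dataclass(frozen=True)
class Session:
    idp: str                 # entity ID of the asserting IdP
    affiliations: frozenset  # affiliation values released by that IdP


@dataclass(frozen=True)
class Decision:
    outcome: Outcome
    http_status: int
    message: str = ""


# Constructed license table: resource -> {IdP entity ID: entitled affiliations}
LICENSES = {
    "/journals/example": {"https://idp.example.edu": frozenset({"member"})},
}

NOTICE = ("You are logged in, but according to the information provided by "
          "your institution you are not entitled to access this resource.")


def authorize(session: Optional[Session], resource: str) -> Decision:
    # Only a missing session may trigger a login redirect.
    if session is None:
        return Decision(Outcome.START_LOGIN, 302)
    entitled = LICENSES.get(resource, {}).get(session.idp, frozenset())
    if session.affiliations & entitled:
        return Decision(Outcome.GRANT, 200)
    # Authenticated but not entitled: keep the session and explain, never
    # fall back to "unauthenticated", which sends the user around a login loop.
    return Decision(Outcome.DENY_WITH_NOTICE, 403, NOTICE)


# Constructed sessions: a member and a walk-in user of the same IdP.
MEMBER = Session("https://idp.example.edu", frozenset({"member"}))
WALK_IN = Session("https://idp.example.edu", frozenset({"library-walk-in"}))
```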