Closed jtalir closed 5 years ago
Application fails when IdP responds with something other than LoA. In any case - it should not fail, but continue with LightResponse containing message about failure.
That's possible.
But I also suggest to to have an option to set relaxed mode where if response status is Success (it means that LoA is fullfilled) it would replace LoA from Response with LoA from Request (if it is known).
At the time we get the IdP response, the corresponding light request is already removed.
@jtalir suggested adding an optional mapping of non-LoA AuthnContextClassRef to LoA.
@jtalir suggested adding an optional mapping of non-LoA AuthnContextClassRef to LoA.
Moved to #63.
Application fails when IdP responds with something other than LoA. In any case - it should not fail, but continue with LightResponse containing message about failure. But I also suggest to to have an option to set relaxed mode where if response status is Success (it means that LoA is fullfilled) it would replace LoA from Response with LoA from Request (if it is known).