No subject
Mon Oct 8 21:04:51 UTC 2007
value if RP discovery succeeds. If RP discovery fails, then return_to
verification is not attempted.
In the case of an intranet RP (or any other RP that hasn't implemented
discovery), any return_to URL that matches the realm should be
acceptable.
The case where the OP SHOULD NOT return a positive assertion is if:
1. the OP attempts RP discovery
2. RP discovery succeeds
3. the return_to URL is not in the list of discovered RP endpoints
James.
More information about the specs
mailing list