No subject


Mon Oct 8 21:04:51 UTC 2007


value if RP discovery succeeds.  If RP discovery fails, then return_to
verification is not attempted.

In the case of an intranet RP (or any other RP that hasn't implemented
discovery), any return_to URL that matches the realm should be
acceptable.

The case where the OP SHOULD NOT return a positive assertion is if:
 1. the OP attempts RP discovery
 2. RP discovery succeeds
 3. the return_to URL is not in the list of discovered RP endpoints

James.


More information about the specs mailing list