In the spec it shows an example of the 'signed' fields returned from a check_id_* request as "mode,identity,return_to". However if you try and do a <br>check_authentication it will always fail because the mode will always be check_authentication not.
<br><br>Should the mode really be included in the signed list? We came across this problem when our load-balancing failed and a consumer (IDPrism) recieved a valid response intended for another server. The response was valid but the assoc_handle was setup on another server! When the Consumer tries to use dumb mode to check the authentication the provider returns "is_valid:false" because the signed fields included mode - and that has now changed.
<br><br>Is this a bug in the spec?<br><br>Kev<br>