That was my concern too. But I believe this is not going to impact backward compatibility, for one reason. The SP just ignores non-success responses from the IdP. Or even better, any response that does not contain an assertion in it.
I've run our integration tests and added a few more to cover scenarios where a non-success response is returned by the IdP.
That said, the chances that an SP is manually handling those responses are minimal.
Another important driver for this issue is compliance with the specs. Even if there are SPs relying on the wrong format, they should be fixed to properly conform with the specs.