Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


When the Application generates an AuthnRequest, it stores the ID of this request. The corresponding response from the IdP must have the InResponseTo attribute set to the same ID value, so the application can verify that the Response is meant for the Request that has been sent. The Application removes this ID once it has been processed.

There are some rare cases that can happen that the Application can not match the ID, such as:

  • You have bookmarked the Request to the IdP server. In this case the ID has been removed in a previous login response.
  • The browser sends the Response Twice (e.g. the user clicks on the reload page button)
  • ...