Looking at RFC2616, is it acceptable to return an HTTP 200 (page load) as a response to a SAMLResponse post to the SP? i.e. the user-agent loads a page instead of redirecting via a 302 / 303?
Looking for clarity on 3.4.5 here https://www.oasis-open.org/committees/download.php/35387/sstc-saml-bindings-errata-2.0-wd-05-diff.pdf – does the response to a SAMLResponse POST refer to point 2 or 5?
thanks in advance.