From 1b2b0cce62f09510587af8722a7d367ee77c8a02 Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Tue, 16 Dec 2014 13:12:12 +0100 Subject: [PATCH] Hopefully more informative text. --- doc/howto/rp.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/howto/rp.rst b/doc/howto/rp.rst index bd2da2c..27dbfe8 100644 --- a/doc/howto/rp.rst +++ b/doc/howto/rp.rst @@ -250,6 +250,9 @@ and to mitigate replay attacks. Since you will need both these arguments later in the process you probably want to store them in a session object (assumed to look like a dictionary). +Also even if you initiate one Client instance per OP you probably won't do it +per user so you have to keep the state and nonce variables that belongs to +an user together and separate from other users. Most probable the response to this request will be a redirect to some other URL where the authentication is performed.
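Review bot: The three added lines in doc/howto/rp.rst tell the reader to keep each user's state and nonce together and separate from other users, but they do not say where those values should live. Tying this to the session object mentioned in the sentence just above would make it actionable, for example: "Even if you create one Client instance per OP, you probably won't create one per user, so store each user's state and nonce in that user's own session." The grammar also needs a pass: "that belongs to an user" should be "that belong to a user", and "Also even if" reads better as "Even if". Since the surrounding context says these arguments help mitigate replay attacks, it may be worth adding one clause saying that the values returned in a response have to be compared against the ones stored for the same user, which is the reason the separation matters.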