3.2.5.1.3 Receiving a wsignin1.0 Response That Specifies a ttpindex

When the relying party receives a wsignin1.0 response that specifies the ttpindex parameter, it MUST evaluate the following conditions in order:

1. The ttpindex value does not conform to message syntax rules (for example, it is not a number; as specified in section 2.2.2.1.1).

2. The ttpindex parameter is not equal to the length, in characters, of the aggregated result. Note that if the aggregated result is not available, it is considered to have length 0 (as specified in section 3.2.1.1.1).

If the message meets one of these conditions, the relying party MUST reject the message and return an HTTP 500 response.

The relying party MUST construct a new aggregated result. If ttpindex is 0, the aggregated result MUST be the value of the wresult parameter; otherwise, the aggregated result MUST be constructed by appending the wresult parameter to the current aggregated result.

The relying party MUST evaluate the ttpsize parameter as follows:

• If the length in characters of the new aggregated result is greater than the value of the ttpsize parameter, the relying party MUST reject the message and return an HTTP 500 response.

• If the length, in characters, of the new aggregated result is equal to the value of the ttpsize parameter, the relying party MUST process the completed result as specified in section 3.2.5.1.4.

• If the length, in characters, of the new aggregated result is less than the value of the ttpsize parameter, the relying party MUST request the next portion of the result as specified in section 3.2.5.1.1.