We need to investigate what happens if we try to authenticate using an IdP with an invalid mapping in the protocol. This looks like a regular "unauthorized" error (or equivalent when the mapping fails), so we may start by changing the error return status to something more helpful.
After that, I suggest we deprecate the behavior and enforce the steps as described above.
We need to investigate what happens if we try to authenticate using an IdP with an invalid mapping in the protocol. This looks like a regular "unauthorized" error (or equivalent when the mapping fails), so we may start by changing the error return status to something more helpful.
After that, I suggest we deprecate the behavior and enforce the steps as described above.