3.2.5.1 Processing First Authenticated Request Messages

The partner server MUST examine the from-PP parameter in the First Authenticated Request message and determine if it contains valid tokens, according to the validity criteria previously agreed on with the authentication server (as specified in section 1.5).

If the tokens are not valid, the partner server MUST respond with a Partner Server Challenge message. The text strings included in this message are, as in the case of an unauthenticated access attempt (as specified in section 3.2.5.2), strictly a matter of prior agreement between the partner server and the authentication server (as specified in section 1.5).

If the tokens are valid, the partner server MUST respond with a Set Token message. As part of the HTTP response that contains the Set Token message, the partner server MUST set the values of one or more HTTP cookies on the client (as specified in [RFC2109]) containing the value of the from-PP parameter in the received First Authenticated Request message. One or more corresponding tname parameter values MAY be included in the Set Token message. If included, they MUST contain the names of the HTTP cookies set on the client.