SAML AuthzDecisionQuery and AuthzDecisionStatement

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Example

AuthzDecisionQuery

<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  IssueInstant="2005-06-01T09:30:47.0Z" 
                  Version="2.0" 
                  InResponseTo="NCName" 
                  Destination="http://example.com" 
                  ID="ID000065">

  <saml:Subject>

    <saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>

    <saml:SubjectConfirmation Method="http://example.com">
      ...
    </saml:SubjectConfirmation>

  </saml:Subject>

  <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>

  <saml:Evidence>
    ...
  </saml:Evidence>

</samlp:AuthzDecisionQuery>

AuthzDecisionStatement

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        IssueInstant="2005-06-01T09:30:47.0Z" 
        Version="2.0" 
        InResponseTo="NCName" 
        Destination="http://example.com" 
       ID="ID000065">

  <saml:Issuer>IssuerName</saml:Issuer>

  <samlp:Status>

    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>

  </samlp:Status>

  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" 
         Version="2.0" 
         ID="ID000072">

    ...
    <saml:Subject>
      ...
    </saml:Subject>

    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z" 
                                NotOnOrAfter="2005-06-01T09:30:47.0Z">
      ...

    </saml:Conditions>

    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>

    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
                  
        <saml:Action Namespace="http://www.coresecuritypatterns.com">
                       SomeAction
        </saml:Action>

        <saml:Evidence>
           ...
        </saml:Evidence>

     </saml:AuthzDecisionStatement>

  </saml:Assertion>

</samlp:Response>