SAML AuthzDecisionQuery and AuthzDecisionStatement
Internal
Example
AuthzDecisionQuery
<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    IssueInstant="2005-06-01T09:30:47.0Z"
    Version="2.0"
    InResponseTo="NCName"
    Destination="http://example.com"
    ID="ID000065">
  <saml:Subject>
    <saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>
    <saml:SubjectConfirmation Method="http://example.com">
      ...
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>
  <saml:Evidence>
    ...
  </saml:Evidence>
</samlp:AuthzDecisionQuery>
AuthzDecisionStatement
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    IssueInstant="2005-06-01T09:30:47.0Z"
    Version="2.0"
    InResponseTo="NCName"
    Destination="http://example.com"
    ID="ID000065">
  <saml:Issuer>IssuerName</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>
  </samlp:Status>
  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0" ID="ID000072">
    ...
    <saml:Subject>
      ...
    </saml:Subject>
    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z" NotOnOrAfter="2005-06-01T09:30:47.0Z">
      ...
    </saml:Conditions>
    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>
    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
      <saml:Action Namespace="http://www.coresecuritypatterns.com">
        SomeAction
      </saml:Action>
      <saml:Evidence>
        ...
      </saml:Evidence>
    </saml:AuthzDecisionStatement>
  </saml:Assertion>
</samlp:Response>
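Added example (not part of the original page): a sketch of how a policy enforcement point could consume the response above and fail closed, granting access only on an explicit Permit for the requested resource and action. The function names, the ID000066 response ID and the sample document are constructed for illustration; signature verification, Conditions validity and subject matching are assumed to have been done by the SAML library before this step.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ACTION_NS = "http://www.coresecuritypatterns.com"  # Action namespace used on this page

def is_permitted(response_xml, request_id, resource, action, action_ns=ACTION_NS):
    """True only for an explicit Permit that matches the request; anything else is a deny."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False
    # Bind the response to the query that was sent.
    if root.get("InResponseTo") != request_id:
        return False
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return False
    permitted = False
    for stmt in root.iterfind("saml:Assertion/saml:AuthzDecisionStatement", NS):
        # Action text may carry surrounding whitespace, as in the page's response.
        actions = {(a.get("Namespace"), (a.text or "").strip())
                   for a in stmt.iterfind("saml:Action", NS)}
        if stmt.get("Resource") != resource or (action_ns, action) not in actions:
            continue  # statement is about a different resource or action
        if stmt.get("Decision") != "Permit":
            return False  # a matching Deny or Indeterminate overrides any Permit
        permitted = True
    return permitted

def sample_response(decision, in_response_to="ID000065"):
    """Constructed response modeled on the page's example, with the elisions dropped."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
        Version="2.0" ID="ID000066" IssueInstant="2005-06-01T09:30:47.0Z"
        InResponseTo="{in_response_to}">
      <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
      <saml:Assertion Version="2.0" ID="ID000072" IssueInstant="2005-06-01T09:30:47.0Z">
        <saml:AuthzDecisionStatement Resource="Printer" Decision="{decision}">
          <saml:Action Namespace="{ACTION_NS}"> SomeAction </saml:Action>
        </saml:AuthzDecisionStatement>
      </saml:Assertion>
    </samlp:Response>"""

if __name__ == "__main__":
    for d in ("Permit", "Deny", "Indeterminate"):
        print(d, is_permitted(sample_response(d), "ID000065", "Printer", "SomeAction"))
```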