SAML SOAP Binding: Difference between revisions
Jump to navigation
Jump to search
(5 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
=SAML Request= | =SAML Request= | ||
The SAML request consists in a SOAP Envelope that contains a SOAP Body. The SOAP Body typically includes a Security Token, a digital signature, generated using [[XML Signature]] and the request data. | The SAML request consists in a SOAP Envelope that contains a SOAP Body. The SOAP Body typically includes a Security Token, a digital signature, generated using [[XML Signature]] and the request data. An AuthnRequest follows: | ||
An AuthnRequest | |||
<pre> | <pre> | ||
Line 45: | Line 43: | ||
=SAML Response= | =SAML Response= | ||
The SAML response also consists of a SOAP Envelope that includes a SOAP Body. The SOAP Body includes the digital signature and the response data. | The SAML response also consists of a SOAP Envelope that includes a SOAP Body. The SOAP Body includes the digital signature and the response data, in form of a Response that includes a SAML Assertion. A SAML AuthenticationStatement assertion example follows: | ||
<pre> | <pre> | ||
Line 61: | Line 57: | ||
<saml:Assertion> | <saml:Assertion> | ||
... | |||
<saml: | <saml:AuthnStatement> | ||
... | ... | ||
</saml: | </saml:AuthnStatement> | ||
</saml:Assertion> | </saml:Assertion> | ||
Line 74: | Line 72: | ||
</env:Envelope> | </env:Envelope> | ||
</pre> | </pre> | ||
More details about SAML Assertions can be found here: {{Internal|SAML_Concepts#SAML_Assertion|SAML Assertions}} |
Latest revision as of 18:35, 21 February 2017
Internal
Overview
SAML Request
The SAML request consists in a SOAP Envelope that contains a SOAP Body. The SOAP Body typically includes a Security Token, a digital signature, generated using XML Signature and the request data. An AuthnRequest follows:
<env:Envelope xmlns:env=”http://www.w3.org/2003/05/soap/envelope/”> <env:Body> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ForceAuthn="true" AssertionConsumerServiceURL="http://www.example.com/serviceA/" AttributeConsumingServiceIndex="0" ProviderName="string" ID="skdfa7234" Version="2.0" IssueInstant="2005-06-01T01:00:00Z" Destination="http://www.example.com/" Consent="http://www.example.com/"> <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> user1@example.com </saml:NameID> </saml:Subject> </samlp:AuthnRequest> </env:Body> </env:Envelope>
SAML Response
The SAML response also consists of a SOAP Envelope that includes a SOAP Body. The SOAP Body includes the digital signature and the response data, in form of a Response that includes a SAML Assertion. A SAML AuthenticationStatement assertion example follows:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> <env:Body> <samlp:Response xmlns:samlp="..." xmlns:saml="..." xmlns:ds="..."> <Status> <StatusCode value=”urn:oasis:names:tc:SAML:2.0:status:Success”/> </Status> <saml:Assertion> ... <saml:AuthnStatement> ... </saml:AuthnStatement> </saml:Assertion> </samlp:Response> </env:Body> </env:Envelope>
More details about SAML Assertions can be found here: