SAML AuthnQuery and AuthnStatement: Difference between revisions
(9 intermediate revisions by the same user not shown) | |||
Line 16: | Line 16: | ||
<saml:Subject> | <saml:Subject> | ||
<saml:SubjectConfirmation Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password"> | <saml:SubjectConfirmation | ||
Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password"> | |||
<saml:SubjectConfirmationData> | <saml:SubjectConfirmationData> | ||
Line 35: | Line 36: | ||
</samlp:AuthnQuery> | </samlp:AuthnQuery> | ||
</pre> | |||
==AuthnStatement== | |||
<pre> | |||
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" | |||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" | |||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" | |||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |||
IssueInstant="2005-06-01T09:30:47.0Z" | |||
Version="2.0" | |||
InResponseTo="NCName" | |||
Destination="http://www.example.com" | |||
ID="ID000065"> | |||
... | |||
<samlp:Status> | |||
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> | |||
<samlp:StatusMessage>status is successful</samlp:StatusMessage> | |||
</samlp:Status> | |||
<saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" | |||
Version="2.0" | |||
ID="ID000072"> | |||
<saml:Issuer NameQualifier="String" Format="http://www.coresecuritypatterns.com" | |||
SPProvidedID="MyServiceProvider" | |||
SPNameQualifier="String"> | |||
Example | |||
</saml:Issuer> | |||
<saml:Subject> | |||
<saml:SubjectConfirmation | |||
Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password"> | |||
<saml:NameID NameQualifier="card:SQLDatabase"> | |||
SomeName | |||
</saml:NameID> | |||
<saml:SubjectConfirmationData | |||
NotBefore="2005-06-01T09:30:47.0Z" | |||
InResponseTo="NCName" | |||
Recipient="http://example.com" | |||
NotOnOrAfter="2005-06-01T09:30:47.0Z" | |||
Address="String"/> | |||
</saml:SubjectConfirmation> | |||
</saml:Subject> | |||
<saml:Conditions | |||
NotBefore="2005-06-01T09:30:47.0Z" | |||
NotOnOrAfter="2005-06-01T09:30:47.0Z"> | |||
<saml:Condition xsi:type="a type derived from ConditionAbstractType"/> | |||
</saml:Conditions> | |||
<saml:Advice> | |||
<saml:AssertionIDRef>NCName</saml:AssertionIDRef> | |||
</saml:Advice> | |||
<saml:AuthnStatement | |||
AuthnInstant="2005-06-0131T12:00:00Z" | |||
SessionIndex="67775277772"> | |||
<saml:AuthnContext> | |||
<saml:AuthnContextClassRef> | |||
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | |||
</saml:AuthnContextClassRef> | |||
</saml:AuthnContext> | |||
</saml:AuthnStatement> | |||
</saml:Assertion> | |||
</samlp:Response> | |||
</pre> | </pre> |
Latest revision as of 18:59, 21 February 2017
Internal
Example
AuthnQuery
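<!--
  Illustrative SAML 2.0 AuthnQuery. It is well-formed but not schema-complete:
  the SAML 2.0 request type requires ID, Version and IssueInstant attributes,
  which this sample omits.

  xsi:schemaLocation: the value on the page ended in garbled characters and
  holds only a namespace URI. The attribute normally lists namespace/location
  pairs. A consumer should treat it as a hint only and validate against its
  own local copy of the schema, never one fetched from a document-supplied URL.
-->
<samlp:AuthnQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Subject>
    <!--
      The Method URI is a draft-era identifier (draft-sstc-core-25), not one of
      the SAML 2.0 confirmation methods under urn:oasis:names:tc:SAML:2.0:cm.
    -->
    <saml:SubjectConfirmation
        Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">
      <!--
        The sample value is the base64 form of the string "password". Base64 is
        an encoding, not protection: a message carrying a credential this way
        needs confidentiality from the transport and must be kept out of logs.
      -->
      <saml:SubjectConfirmationData>
        cGFzc3dvcmQ=
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>
      http://www.coresecuritypatterns.com
    </saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnQuery>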
AuthnStatement
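<!--
  Illustrative SAML 2.0 Response carrying one Assertion with an AuthnStatement.
  Attribute values such as "String" and "NCName" are schema-type placeholders,
  and the timestamps are sample values that do not form a coherent timeline.

  No ds:Signature appears in the visible part of this sample, although the ds
  prefix is declared. A relying party should verify the signature over the
  Response or Assertion before trusting any field. It should then check that
  InResponseTo matches a request it actually sent, that Destination and
  Recipient equal its own endpoint URL, and that the current time falls inside
  the NotBefore / NotOnOrAfter window.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                IssueInstant="2005-06-01T09:30:47.0Z"
                Version="2.0"
                InResponseTo="NCName"
                Destination="http://www.example.com"
                ID="ID000065">
  <!--
    Content elided ("...") on the source page. In the SAML 2.0 schema the
    optional Issuer, ds:Signature and Extensions children come before Status,
    so presumably they were what was left out here.
  -->
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>
  </samlp:Status>
  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z"
                  Version="2.0"
                  ID="ID000072">
    <saml:Issuer NameQualifier="String"
                 Format="http://www.coresecuritypatterns.com"
                 SPProvidedID="MyServiceProvider"
                 SPNameQualifier="String">
      Example
    </saml:Issuer>
    <saml:Subject>
      <!--
        The Method URI is a draft-era identifier (draft-sstc-core-25), not one
        of the SAML 2.0 confirmation methods under urn:oasis:names:tc:SAML:2.0:cm.
      -->
      <saml:SubjectConfirmation
          Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">
        <saml:NameID NameQualifier="card:SQLDatabase">
          SomeName
        </saml:NameID>
        <!--
          Recipient here (http://example.com) differs from the Response
          Destination (http://www.example.com), and both use plain http. A
          real deployment would use one https endpoint URL for both, and the
          receiver compares them against its own URL exactly.
        -->
        <saml:SubjectConfirmationData
            NotBefore="2005-06-01T09:30:47.0Z"
            InResponseTo="NCName"
            Recipient="http://example.com"
            NotOnOrAfter="2005-06-01T09:30:47.0Z"
            Address="String"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <!--
      NotBefore equals NotOnOrAfter in this sample, which leaves an empty
      validity window. A real assertion uses a short, non-empty window.
    -->
    <saml:Conditions
        NotBefore="2005-06-01T09:30:47.0Z"
        NotOnOrAfter="2005-06-01T09:30:47.0Z">
      <!-- Placeholder: xsi:type must name a concrete QName in real use. -->
      <saml:Condition xsi:type="a type derived from ConditionAbstractType"/>
    </saml:Conditions>
    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>
    <!--
      AuthnInstant on the source page read "2005-06-0131T12:00:00Z", which is
      not a valid xs:dateTime. The stray digits were removed here. In a real
      assertion AuthnInstant would not be later than the Assertion IssueInstant.
    -->
    <saml:AuthnStatement
        AuthnInstant="2005-06-01T12:00:00Z"
        SessionIndex="67775277772">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>
          urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        </saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>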