SAML AuthzDecisionQuery and AuthzDecisionStatement: Difference between revisions

From NovaOrdis Knowledge Base
Line 41: Line 41:
<pre>
<pre>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"  
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"  
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
              xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
   IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0"  
   IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0"  
   InResponseTo="NCName"  
   InResponseTo="NCName"  

Revision as of 15:38, 22 February 2017

Internal

Example

AuthzDecisionQuery

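<!--
  Example SAML 2.0 AuthzDecisionQuery: the requester asks an authority whether
  the subject may perform the listed action(s) on the named resource.
  IDs, example.com URLs, the xsi:type value and "..." are placeholders.

  Review notes on this example:
  - InResponseTo was removed. It is defined on response messages
    (StatusResponseType), not on requests, so a schema-validating receiver
    would reject a query that carries it.
  - Resource was added. The attribute is required on AuthzDecisionQuery; the
    value "Printer" mirrors the AuthzDecisionStatement example on this page.
  - No ds:Signature is shown. An authority should authenticate the requester
    (signed message or mutually authenticated transport) before answering.
  - Destination is shown with an http:// placeholder; a deployed endpoint
    should be reached over TLS.
-->
<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          ID="ID000065"
                          Version="2.0"
                          IssueInstant="2005-06-01T09:30:47.0Z"
                          Destination="http://example.com"
                          Resource="Printer">

  <!-- The principal the decision is requested for. -->
  <saml:Subject>

    <!-- Placeholder: a real document names a concrete type as a QName here. -->
    <saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>

    <!-- Placeholder Method; real values are confirmation-method URIs such as
         urn:oasis:names:tc:SAML:2.0:cm:bearer. -->
    <saml:SubjectConfirmation Method="http://example.com">
      ...
    </saml:SubjectConfirmation>

  </saml:Subject>

  <!-- The action being asked about. Namespace scopes the action name; keep
       the text free of padding whitespace, since it is compared as a string. -->
  <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>

  <!-- Optional assertions the authority may rely on when deciding. Evidence
       supplied by the requester needs the same validation as any other
       inbound assertion. -->
  <saml:Evidence>
    ...
  </saml:Evidence>

</samlp:AuthzDecisionQuery>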

AuthzDecisionStatement

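<!--
  Example SAML 2.0 Response carrying an assertion with an
  AuthzDecisionStatement. IDs, "NCName", URLs and "..." are placeholders.

  Review notes on this example:
  - Conditions originally had NotBefore equal to NotOnOrAfter, which leaves an
    empty validity window; SAML requires NotBefore to be earlier than
    NotOnOrAfter. NotOnOrAfter below is a constructed sample value.
  - The Action text was joined onto one line so the action name carries no
    leading newline or padding, matching the query example on this page.
  - No ds:Signature is shown on the Response or the Assertion. A relying party
    should require a valid signature from a trusted issuer on at least one of
    them before acting on the decision.
  - The SAML 2.0 core specification describes AuthzDecisionStatement as frozen
    and points to XACML for richer authorization decisions.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                IssueInstant="2005-06-01T09:30:47.0Z"
                Version="2.0"
                InResponseTo="NCName"
                Destination="http://www.coresecuritypatterns.com"
                ID="ID000065">
  <!-- InResponseTo must equal the ID of the request being answered, and
       Destination must be the receiver's own endpoint; the receiver should
       check both and discard the message on mismatch. -->
  <saml:Issuer>IssuerName</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>
  </samlp:Status>
  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0"
                  ID="ID000072">
    <!-- The elided content must include saml:Issuer, which is the required
         first child of a SAML 2.0 Assertion. -->
    ...
    <saml:Subject>
      ...
    </saml:Subject>
    <!-- Validity window: the decision must not be used outside it. -->
    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z"
                     NotOnOrAfter="2005-06-01T09:35:47.0Z">
      ...
    </saml:Conditions>
    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>

    <!-- Decision is one of Permit, Deny or Indeterminate. An enforcement
         point should grant access only on Permit and treat every other
         value, or a failed validation, as a denial. -->
    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">

      <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>
      <saml:Evidence>
        ...
      </saml:Evidence>
    </saml:AuthzDecisionStatement>
  </saml:Assertion>
</samlp:Response>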