SAML AuthzDecisionQuery and AuthzDecisionStatement: Difference between revisions

 
<pre>
<pre>
<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"  
<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"  
                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
                        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
                          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
  IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0"  
                  IssueInstant="2005-06-01T09:30:47.0Z"  
  InResponseTo="NCName"  
                  Version="2.0"  
  Destination="http://www.coresecuritypatterns.com"  
                  InResponseTo="NCName"  
  ID="ID000065">
                  Destination="http://example.com"  
<saml:Subject>
                  ID="ID000065">
<saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>
 
<saml:SubjectConfirmation Method="http://www.coresecuritypatterns.com">
  <saml:Subject>
                  ...
 
</saml:SubjectConfirmation>
    <saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>
</saml:Subject>
 
<saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>
    <saml:SubjectConfirmation Method="http://example.com">
<saml:Evidence>
      ...
            ...
    </saml:SubjectConfirmation>
</saml:Evidence>
 
  </saml:Subject>
 
  <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>
 
  <saml:Evidence>
    ...
  </saml:Evidence>
 
</samlp:AuthzDecisionQuery>
</samlp:AuthzDecisionQuery>
</pre>
</pre>
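Review bot: The new side swaps the Destination placeholder for `http://example.com` but leaves `<saml:Action Namespace="http://www.coresecuritypatterns.com">` on the same query, so the example now mixes two placeholder domains. If the aim was to scrub that domain, `<saml:Action Namespace="http://example.com">SomeAction</saml:Action>` finishes the job. Separately, the query carries no `Resource` attribute, which the SAML 2.0 AuthzDecisionQuery schema requires, so the example would not validate as written; a one-line `<!-- Resource attribute omitted for brevity -->` would at least warn the reader.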


<pre>
<pre>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        IssueInstant="2005-06-01T09:30:47.0Z"
        Version="2.0"
        InResponseTo="NCName"
        Destination="http://example.com"
      ID="ID000065">
  <saml:Issuer>IssuerName</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>
  </samlp:Status>
  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z"
        Version="2.0"
        ID="ID000072">
    ...
    <saml:Subject>
      ...
    </saml:Subject>
    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z"
                                NotOnOrAfter="2005-06-01T09:30:47.0Z">
      ...
    </saml:Conditions>
    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>
    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
                 
        <saml:Action Namespace="http://www.coresecuritypatterns.com">
                      SomeAction
        </saml:Action>
        <saml:Evidence>
          ...
        </saml:Evidence>
    </saml:AuthzDecisionStatement>
  </saml:Assertion>
</samlp:Response>
</pre>
</pre>
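Review bot: `SomeAction` inside the AuthzDecisionStatement's `<saml:Action>` is printed on its own indented line, so the element's text value carries the surrounding newline and spaces and will not compare equal to the query example's inline `SomeAction`; writing it as `<saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>` keeps the two listings consistent. The Conditions element also sets NotBefore and NotOnOrAfter to the same instant; because NotOnOrAfter is exclusive, that window admits no valid time and a relying party enforcing the conditions would reject the assertion. Whether this section was actually changed in the revision is not visible from the page.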

Latest revision as of 17:26, 22 February 2017

Internal

Example

AuthzDecisionQuery

<!-- AuthzDecisionQuery (SAML 2.0 protocol): asks an authorization authority
     whether the Subject may perform the listed Action, citing the supplied
     Evidence.
     NOTE(review): the AuthzDecisionQuery schema requires a Resource attribute
     naming the protected resource; it is absent from this example.
     The ds (XML Signature) namespace is declared but no ds:Signature appears
     below, so nothing in this example query is integrity-protected.
     InResponseTo, Destination and ID hold placeholder values. -->
<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  IssueInstant="2005-06-01T09:30:47.0Z" 
                  Version="2.0" 
                  InResponseTo="NCName" 
                  Destination="http://example.com" 
                  ID="ID000065">

  <!-- The principal whose authorization is being queried. -->
  <saml:Subject>

    <!-- xsi:type here is placeholder prose, not a QName; a real document
         names a concrete type derived from saml:BaseIDAbstractType. -->
    <saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>

    <!-- Method is a placeholder URI; a real message uses one of the
         SAML-defined subject-confirmation method URIs. -->
    <saml:SubjectConfirmation Method="http://example.com">
      ...
    </saml:SubjectConfirmation>

  </saml:Subject>

  <!-- Namespace scopes the action vocabulary; SomeAction is a placeholder.
       Note this element still uses coresecuritypatterns.com while
       Destination and Method above use example.com. -->
  <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>

  <!-- Assertions the requester offers in support of the decision (elided). -->
  <saml:Evidence>
    ...
  </saml:Evidence>

</samlp:AuthzDecisionQuery>

AuthzDecisionStatement

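<!-- Response carrying an AuthzDecisionStatement. Status reports whether the
     query was processed; the authorization answer itself is the Decision
     attribute of the AuthzDecisionStatement inside the Assertion.
     The ds (XML Signature) namespace is declared but no ds:Signature is
     present, so this example response and its assertion are unsigned.
     InResponseTo is a placeholder; in a real exchange it carries the ID of
     the AuthzDecisionQuery being answered. ID reuses the value of the query
     example on this page; message IDs must be unique. -->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                IssueInstant="2005-06-01T09:30:47.0Z"
                Version="2.0"
                InResponseTo="NCName"
                Destination="http://example.com"
                ID="ID000065">

  <saml:Issuer>IssuerName</saml:Issuer>

  <!-- Success here means the query was handled, not that access is granted;
       see Decision below. -->
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>
  </samlp:Status>

  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z"
                  Version="2.0"
                  ID="ID000072">

    ...
    <saml:Subject>
      ...
    </saml:Subject>

    <!-- NOTE(review): NotBefore and NotOnOrAfter are the same instant.
         NotOnOrAfter is exclusive, so this window contains no valid time;
         a usable assertion needs NotOnOrAfter strictly later than NotBefore. -->
    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z"
                     NotOnOrAfter="2005-06-01T09:30:47.0Z">
      ...
    </saml:Conditions>

    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>

    <!-- Decision is Permit, Deny or Indeterminate; this example denies
         SomeAction on the resource "Printer". -->
    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">

      <!-- Kept inline: the text of saml:Action is the action value, so
           surrounding newlines and indentation would become part of it and
           no longer match the query example's "SomeAction". -->
      <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>

      <saml:Evidence>
        ...
      </saml:Evidence>

    </saml:AuthzDecisionStatement>

  </saml:Assertion>

</samlp:Response>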