SAML AuthzDecisionQuery and AuthzDecisionStatement: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 41: Line 41:
<pre>
<pre>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"  
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"  
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
              xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
  IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0"  
        IssueInstant="2005-06-01T09:30:47.0Z"  
  InResponseTo="NCName"  
        Version="2.0"  
  Destination="http://www.coresecuritypatterns.com"  
        InResponseTo="NCName"  
  ID="ID000065">
        Destination="http://example.com"  
<saml:Issuer>IssuerName</saml:Issuer>
      ID="ID000065">
<samlp:Status>
  <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  <samlp:StatusMessage>status is successful</samlp:StatusMessage>
</samlp:Status>
<saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0"
                ID="ID000072">
                ...
<saml:Subject>
                  ...
</saml:Subject>
<saml:Conditions NotBefore="2005-06-01T09:30:47.0Z"
                    NotOnOrAfter="2005-06-01T09:30:47.0Z">
...
</saml:Conditions>
<saml:Advice>
<saml:AssertionIDRef>NCName</saml:AssertionIDRef>
</saml:Advice>


            <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
  <saml:Issuer>IssuerName</saml:Issuer>
 
  <samlp:Status>
 
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>
 
  </samlp:Status>
 
  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z"
        Version="2.0"
        ID="ID000072">
 
    ...
    <saml:Subject>
      ...
    </saml:Subject>
 
    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z"
                                NotOnOrAfter="2005-06-01T09:30:47.0Z">
      ...
 
    </saml:Conditions>
 
    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>
 
    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
                    
                    
              <saml:Action Namespace="http://www.coresecuritypatterns.com">
        <saml:Action Namespace="http://www.coresecuritypatterns.com">
                  SomeAction</saml:Action>
                      SomeAction
              <saml:Evidence>
        </saml:Action>
                  ...
 
      </saml:Evidence>
        <saml:Evidence>
            </saml:AuthzDecisionStatement>
          ...
</saml:Assertion>
        </saml:Evidence>
 
    </saml:AuthzDecisionStatement>
 
  </saml:Assertion>
 
</samlp:Response>
</samlp:Response>
</pre>
</pre>

Latest revision as of 17:26, 22 February 2017

Internal

Example

AuthzDecisionQuery

<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  IssueInstant="2005-06-01T09:30:47.0Z" 
                  Version="2.0" 
                  InResponseTo="NCName" 
                  Destination="http://example.com" 
                  ID="ID000065">

  <saml:Subject>

    <saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>

    <saml:SubjectConfirmation Method="http://example.com">
      ...
    </saml:SubjectConfirmation>

  </saml:Subject>

  <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>

  <saml:Evidence>
    ...
  </saml:Evidence>

</samlp:AuthzDecisionQuery>

AuthzDecisionStatement

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        IssueInstant="2005-06-01T09:30:47.0Z" 
        Version="2.0" 
        InResponseTo="NCName" 
        Destination="http://example.com" 
       ID="ID000065">

  <saml:Issuer>IssuerName</saml:Issuer>

  <samlp:Status>

    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>

  </samlp:Status>

  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" 
         Version="2.0" 
         ID="ID000072">

    ...
    <saml:Subject>
      ...
    </saml:Subject>

    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z" 
                                NotOnOrAfter="2005-06-01T09:30:47.0Z">
      ...

    </saml:Conditions>

    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>

    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
                  
        <saml:Action Namespace="http://www.coresecuritypatterns.com">
                       SomeAction
        </saml:Action>

        <saml:Evidence>
           ...
        </saml:Evidence>

     </saml:AuthzDecisionStatement>

  </saml:Assertion>

</samlp:Response>