SAML AuthzDecisionQuery and AuthzDecisionStatement: Difference between revisions
Jump to navigation
Jump to search
| (4 intermediate revisions by the same user not shown) | |||
| Line 41: | Line 41: | ||
<pre> | <pre> | ||
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" | <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" | ||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" | |||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" | |||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |||
IssueInstant="2005-06-01T09:30:47.0Z" | |||
Version="2.0" | |||
InResponseTo="NCName" | |||
Destination="http://example.com" | |||
ID="ID000065"> | |||
<saml:Issuer>IssuerName</saml:Issuer> | |||
<samlp:Status> | |||
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> | |||
<samlp:StatusMessage>status is successful</samlp:StatusMessage> | |||
</samlp:Status> | |||
<saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" | |||
Version="2.0" | |||
ID="ID000072"> | |||
... | |||
<saml:Subject> | |||
... | |||
</saml:Subject> | |||
<saml:Conditions NotBefore="2005-06-01T09:30:47.0Z" | |||
NotOnOrAfter="2005-06-01T09:30:47.0Z"> | |||
... | |||
</saml:Conditions> | |||
<saml:Advice> | |||
<saml:AssertionIDRef>NCName</saml:AssertionIDRef> | |||
</saml:Advice> | |||
<saml:AuthzDecisionStatement Resource="Printer" Decision="Deny"> | |||
<saml:Action Namespace="http://www.coresecuritypatterns.com"> | |||
SomeAction | |||
</saml:Action> | |||
<saml:Evidence> | |||
... | |||
</saml:Evidence> | |||
</saml:AuthzDecisionStatement> | |||
</saml:Assertion> | |||
</samlp:Response> | </samlp:Response> | ||
</pre> | </pre> | ||
Latest revision as of 17:26, 22 February 2017
Internal
Example
AuthzDecisionQuery
<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
IssueInstant="2005-06-01T09:30:47.0Z"
Version="2.0"
InResponseTo="NCName"
Destination="http://example.com"
ID="ID000065">
<saml:Subject>
<saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>
<saml:SubjectConfirmation Method="http://example.com">
...
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>
<saml:Evidence>
...
</saml:Evidence>
</samlp:AuthzDecisionQuery>
AuthzDecisionStatement
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
IssueInstant="2005-06-01T09:30:47.0Z"
Version="2.0"
InResponseTo="NCName"
Destination="http://example.com"
ID="ID000065">
<saml:Issuer>IssuerName</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
<samlp:StatusMessage>status is successful</samlp:StatusMessage>
</samlp:Status>
<saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z"
Version="2.0"
ID="ID000072">
...
<saml:Subject>
...
</saml:Subject>
<saml:Conditions NotBefore="2005-06-01T09:30:47.0Z"
NotOnOrAfter="2005-06-01T09:30:47.0Z">
...
</saml:Conditions>
<saml:Advice>
<saml:AssertionIDRef>NCName</saml:AssertionIDRef>
</saml:Advice>
<saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
<saml:Action Namespace="http://www.coresecuritypatterns.com">
SomeAction
</saml:Action>
<saml:Evidence>
...
</saml:Evidence>
</saml:AuthzDecisionStatement>
</saml:Assertion>
</samlp:Response>