SAML AuthzDecisionQuery and AuthzDecisionStatement: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 80: Line 80:
     <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
     <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
                    
                    
    <saml:Action Namespace="http://www.coresecuritypatterns.com">
        <saml:Action Namespace="http://www.coresecuritypatterns.com">
                  SomeAction
                      SomeAction
    </saml:Action>
        </saml:Action>
 
        <saml:Evidence>
          ...
        </saml:Evidence>
 
    </saml:AuthzDecisionStatement>
 
  </saml:Assertion>


              <saml:Evidence>
                  ...
      </saml:Evidence>
            </saml:AuthzDecisionStatement>
</saml:Assertion>
</samlp:Response>
</samlp:Response>
</pre>
</pre>

Latest revision as of 17:26, 22 February 2017

Internal

Example

AuthzDecisionQuery

<samlp:AuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  IssueInstant="2005-06-01T09:30:47.0Z" 
                  Version="2.0" 
                  InResponseTo="NCName" 
                  Destination="http://example.com" 
                  ID="ID000065">

  <saml:Subject>

    <saml:BaseID xsi:type="a type derived from BaseIDAbstractType"/>

    <saml:SubjectConfirmation Method="http://example.com">
      ...
    </saml:SubjectConfirmation>

  </saml:Subject>

  <saml:Action Namespace="http://www.coresecuritypatterns.com">SomeAction</saml:Action>

  <saml:Evidence>
    ...
  </saml:Evidence>

</samlp:AuthzDecisionQuery>

AuthzDecisionStatement

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        IssueInstant="2005-06-01T09:30:47.0Z" 
        Version="2.0" 
        InResponseTo="NCName" 
        Destination="http://example.com" 
       ID="ID000065">

  <saml:Issuer>IssuerName</saml:Issuer>

  <samlp:Status>

    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>

  </samlp:Status>

  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z" 
         Version="2.0" 
         ID="ID000072">

    ...
    <saml:Subject>
      ...
    </saml:Subject>

    <saml:Conditions NotBefore="2005-06-01T09:30:47.0Z" 
                                NotOnOrAfter="2005-06-01T09:30:47.0Z">
      ...

    </saml:Conditions>

    <saml:Advice>
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
    </saml:Advice>

    <saml:AuthzDecisionStatement Resource="Printer" Decision="Deny">
                  
        <saml:Action Namespace="http://www.coresecuritypatterns.com">
                       SomeAction
        </saml:Action>

        <saml:Evidence>
           ...
        </saml:Evidence>

     </saml:AuthzDecisionStatement>

  </saml:Assertion>

</samlp:Response>