SAML SOAP Binding

From NovaOrdis Knowledge Base
Latest revision as of 18:35, 21 February 2017

Internal

Overview

SAML Request

The SAML request consists of a SOAP Envelope that contains a SOAP Body. The SOAP Body carries the SAML protocol element (the request data). When the sender authenticates the message with XML Signature rather than relying on TLS, the Body also carries the digital signature and the security token (for example the signer's certificate) the receiver needs to verify it. The SAML 2.0 SOAP binding is defined over SOAP 1.1, whose envelope namespace is http://schemas.xmlsoap.org/soap/envelope/. An AuthnRequest example follows:

<pre>
<!-- SOAP 1.1 envelope; the SAML 2.0 SOAP binding is defined over SOAP 1.1 -->
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">

  <env:Body>

    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
           ForceAuthn="true"
           AssertionConsumerServiceURL="http://www.example.com/serviceA/"
           AttributeConsumingServiceIndex="0"
           ProviderName="string"
           ID="skdfa7234"
           Version="2.0"
           IssueInstant="2005-06-01T01:00:00Z"
           Destination="http://www.example.com/"
           Consent="http://www.example.com/">

      <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

        <!-- the NameID text is compared literally, so no whitespace around the value -->
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user1@example.com</saml:NameID>

      </saml:Subject>

    </samlp:AuthnRequest>

  </env:Body>

</env:Envelope>
</pre>
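The exchange above, as an added example written for this page (it is not code from the NovaOrdis wiki or from any SAML library), using only the Python standard library: the sender wraps an AuthnRequest in a SOAP 1.1 Envelope/Body, and the receiver unwraps it, applies the checks that need no signature (exactly one Body child, Version, Destination, IssueInstant freshness) and answers a rejection with a SOAP Fault, which is how the SAML SOAP binding reports a refused exchange. The issuer, endpoint URLs and e-mail address are hypothetical.

```python
"""A SAML 2.0 AuthnRequest over the SAML SOAP binding, both sides of the wire:
the sender wraps it in a SOAP 1.1 Envelope/Body, the receiver unwraps it, applies
the checks that need no signature, and answers a rejection with a SOAP Fault.
Standard library only. Issuer, endpoint URLs and the e-mail address are hypothetical."""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1, as the SAML 2.0 SOAP binding requires
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
for _prefix, _uri in (("env", SOAP_NS), ("samlp", SAMLP_NS), ("saml", SAML_NS)):
    ET.register_namespace(_prefix, _uri)


def q(ns, local):
    """Clark-notation tag name, the form ElementTree uses for namespaced elements."""
    return "{%s}%s" % (ns, local)


def build_authn_request(issuer, destination, acs_url, name_id=None):
    """Sender side. Returns (request_id, envelope_bytes). The ID is random so the sender
    can later match Response/@InResponseTo; it starts with '_' because an xs:ID may not
    begin with a digit."""
    request_id = "_" + secrets.token_hex(16)
    envelope = ET.Element(q(SOAP_NS, "Envelope"))
    body = ET.SubElement(envelope, q(SOAP_NS, "Body"))
    req = ET.SubElement(body, q(SAMLP_NS, "AuthnRequest"), {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, q(SAML_NS, "Issuer")).text = issuer
    if name_id:
        subject = ET.SubElement(req, q(SAML_NS, "Subject"))
        # No whitespace around the value: the NameID text is compared literally.
        ET.SubElement(subject, q(SAML_NS, "NameID"), {"Format": EMAIL_FORMAT}).text = name_id
    return request_id, ET.tostring(envelope, encoding="utf-8", xml_declaration=True)


class SoapFault(Exception):
    """Receiver-side rejection, reported to the sender as a SOAP Fault, not a samlp:Response."""

    def __init__(self, code, reason):
        super().__init__(reason)
        self.code, self.reason = code, reason

    def to_envelope(self):
        """Serialize as a SOAP 1.1 Fault; faultcode/faultstring are unqualified by spec."""
        envelope = ET.Element(q(SOAP_NS, "Envelope"))
        fault = ET.SubElement(ET.SubElement(envelope, q(SOAP_NS, "Body")), q(SOAP_NS, "Fault"))
        ET.SubElement(fault, "faultcode").text = "env:" + self.code
        ET.SubElement(fault, "faultstring").text = self.reason
        return ET.tostring(envelope, encoding="utf-8")


def unwrap_authn_request(envelope_bytes, expected_destination, max_skew=timedelta(minutes=5), now=None):
    """Receiver side. Extracts the single SAML protocol element from the SOAP Body and
    checks it. Not done here, and required before the request is acted on: authenticating
    the sender (TLS client authentication, or verifying the XML Signature over the
    AuthnRequest). Parse untrusted XML with defusedxml in production; plain ElementTree
    does not stop entity-expansion attacks."""
    root = ET.fromstring(envelope_bytes)
    if root.tag != q(SOAP_NS, "Envelope"):
        raise SoapFault("Client", "not a SOAP 1.1 Envelope")
    body = root.find(q(SOAP_NS, "Body"))
    if body is None or len(body) != 1:
        raise SoapFault("Client", "SOAP Body must carry exactly one SAML protocol element")
    req = body[0]
    if req.tag != q(SAMLP_NS, "AuthnRequest"):
        raise SoapFault("Client", "expected samlp:AuthnRequest")
    missing = [a for a in ("ID", "Version", "IssueInstant") if a not in req.attrib]
    if missing:
        raise SoapFault("Client", "AuthnRequest lacks required attribute(s): " + ", ".join(missing))
    if req.get("Version") != "2.0":
        raise SoapFault("Client", "unsupported SAML version " + req.get("Version"))
    # A Destination, when present, must name this endpoint, so a request captured on
    # its way to one endpoint cannot simply be replayed to another.
    if req.get("Destination") not in (None, expected_destination):
        raise SoapFault("Client", "Destination does not match this endpoint")
    try:
        issued = datetime.fromisoformat(req.get("IssueInstant").replace("Z", "+00:00"))
    except ValueError:
        raise SoapFault("Client", "IssueInstant is not a valid xs:dateTime") from None
    if issued.tzinfo is None:
        issued = issued.replace(tzinfo=timezone.utc)
    if abs((now or datetime.now(timezone.utc)) - issued) > max_skew:
        raise SoapFault("Client", "IssueInstant is outside the accepted clock skew")
    issuer = req.find(q(SAML_NS, "Issuer"))
    name_id = req.find(q(SAML_NS, "Subject") + "/" + q(SAML_NS, "NameID"))
    return {
        "id": req.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
        "acs_url": req.get("AssertionConsumerServiceURL"),
        "name_id": name_id.text if name_id is not None else None,  # literal, whitespace included
    }


if __name__ == "__main__":
    rid, wire = build_authn_request("https://sp.example.com/metadata", "https://idp.example.com/saml/soap",
                                    "https://sp.example.com/acs", "user1@example.com")
    print(wire.decode())
    print(unwrap_authn_request(wire, "https://idp.example.com/saml/soap"))
    try:
        unwrap_authn_request(wire, "https://other.example.com/saml/soap")
    except SoapFault as fault:
        print(fault.to_envelope().decode())
```

The receiver insists on exactly one child under the SOAP Body so that a second, unexpected SAML element cannot ride along beside the one that gets checked; the Destination and IssueInstant checks are the binding-level replay controls, and the signature or TLS-level sender authentication the docstring calls out is what makes them meaningful.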

SAML Response

The SAML response also consists of a SOAP Envelope that contains a SOAP Body. The SOAP Body carries the response data, a samlp:Response that holds a Status and, on success, a SAML Assertion, together with the digital signature over the Response or over the Assertion. The receiver must verify that signature and check the Status before trusting anything in the Assertion. A responder that refuses the exchange altogether returns a SOAP Fault instead of a Response; a Response with a non-success Status is a SAML-level error. (AuthenticationStatement is the SAML 1.x name; in SAML 2.0 the element is AuthnStatement.) An example Response carrying an assertion with an AuthnStatement follows:

<pre>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">

  <env:Body>

    <samlp:Response xmlns:samlp="..." xmlns:saml="..." xmlns:ds="...">

      <!-- Status and StatusCode live in the samlp namespace; the attribute is Value -->
      <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </samlp:Status>

      <saml:Assertion>

        ...

        <saml:AuthnStatement>
            ...
        </saml:AuthnStatement>

      </saml:Assertion>

    </samlp:Response>

  </env:Body>

</env:Envelope>
</pre>
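The consuming side of the response above, as an added example written for this page (not code from the NovaOrdis wiki or from any SAML library), using only the Python standard library. It handles both things the binding can hand back, a SOAP Fault or a SOAP Envelope whose Body carries one samlp:Response, and then applies the checks a service provider makes before trusting the subject: InResponseTo matches the request it sent, Status is Success, exactly one Assertion is present, the Conditions window and AudienceRestriction hold, and an AuthnStatement exists. The sample messages, URLs, IDs and timestamps are constructed for the example; signature verification is named as a precondition rather than implemented.

```python
"""Consuming a SAML 2.0 Response returned by the SAML SOAP binding. The HTTP body is
either a SOAP Fault (the responder refused the exchange) or a SOAP Envelope whose Body
carries one samlp:Response; the Response's Status and the Assertion's conditions are
checked before the subject is trusted. Standard library only. The sample messages,
URLs, IDs and times below are constructed for this example."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def q(ns, local):
    return "{%s}%s" % (ns, local)


def parse_instant(value):
    """SAML dateTime values are UTC with a 'Z' suffix, which fromisoformat needs spelled out."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def consume_response(envelope_bytes, expected_request_id, audience, now):
    """Return the authenticated NameID, or raise ValueError with the reason for rejection.
    Signature handling is deliberately outside this function: a real SP verifies the XML
    Signature over the Response or Assertion first and then runs these checks on the
    element the signature actually covers (ds:Reference/@URI == '#' + ID), never on an
    unsigned sibling. Use defusedxml rather than plain ElementTree on untrusted input."""
    root = ET.fromstring(envelope_bytes)
    body = root.find(q(SOAP_NS, "Body"))
    if root.tag != q(SOAP_NS, "Envelope") or body is None or len(body) != 1:
        raise ValueError("expected a SOAP 1.1 Envelope whose Body has exactly one child")
    msg = body[0]
    if msg.tag == q(SOAP_NS, "Fault"):
        raise ValueError("SOAP Fault %s: %s" % (msg.findtext("faultcode"), msg.findtext("faultstring")))
    if msg.tag != q(SAMLP_NS, "Response") or msg.get("Version") != "2.0":
        raise ValueError("expected a SAML 2.0 samlp:Response")
    # Tie the Response to the request this SP actually sent; anything else is a
    # replayed or injected response.
    if msg.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo %r does not match the outstanding request" % msg.get("InResponseTo"))
    code = msg.find(q(SAMLP_NS, "Status") + "/" + q(SAMLP_NS, "StatusCode"))
    if code is None or code.get("Value") != STATUS_SUCCESS:
        raise ValueError("IdP returned status %s" % (code.get("Value") if code is not None else "<missing>"))
    assertions = msg.findall(q(SAML_NS, "Assertion"))
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion, found %d" % len(assertions))
    assertion = assertions[0]
    if assertion.get("Version") != "2.0" or assertion.find(q(SAML_NS, "AuthnStatement")) is None:
        raise ValueError("Assertion is not a SAML 2.0 assertion with an AuthnStatement")
    conditions = assertion.find(q(SAML_NS, "Conditions"))
    if conditions is None:
        raise ValueError("Assertion carries no Conditions")
    if conditions.get("NotBefore") and now < parse_instant(conditions.get("NotBefore")):
        raise ValueError("Assertion is not yet valid")
    if conditions.get("NotOnOrAfter") and now >= parse_instant(conditions.get("NotOnOrAfter")):
        raise ValueError("Assertion has expired")
    audiences = [e.text for e in conditions.findall(q(SAML_NS, "AudienceRestriction") + "/" + q(SAML_NS, "Audience"))]
    if audiences and audience not in audiences:
        raise ValueError("Assertion was issued for another audience: %s" % audiences)
    name_id = assertion.findtext(q(SAML_NS, "Subject") + "/" + q(SAML_NS, "NameID"))
    if not name_id:
        raise ValueError("Assertion has no Subject/NameID")
    return name_id  # taken literally; the IdP wrote it without surrounding whitespace


# Constructed sample traffic. SAMPLE_NOW falls inside the assertion's validity window.
SAMPLE_NOW = datetime(2017, 2, 21, 18, 35, tzinfo=timezone.utc)
SAMPLE_REQUEST_ID = "_a1b2c3d4e5f6"
SAMPLE_AUDIENCE = "https://sp.example.com/metadata"
SAMPLE_SUCCESS = b"""<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="_r1" Version="2.0" IssueInstant="2017-02-21T18:34:00Z" InResponseTo="_a1b2c3d4e5f6">
      <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
      <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
      <saml:Assertion ID="_s1" Version="2.0" IssueInstant="2017-02-21T18:34:00Z">
        <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
        <saml:Subject>
          <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user1@example.com</saml:NameID>
        </saml:Subject>
        <saml:Conditions NotBefore="2017-02-21T18:30:00Z" NotOnOrAfter="2017-02-21T18:40:00Z">
          <saml:AudienceRestriction><saml:Audience>https://sp.example.com/metadata</saml:Audience></saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2017-02-21T18:33:50Z">
          <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext>
        </saml:AuthnStatement>
      </saml:Assertion>
    </samlp:Response>
  </env:Body>
</env:Envelope>"""
SAMPLE_FAULT = b"""<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body><env:Fault><faultcode>env:Client</faultcode><faultstring>request signature invalid</faultstring></env:Fault></env:Body>
</env:Envelope>"""

if __name__ == "__main__":
    print(consume_response(SAMPLE_SUCCESS, SAMPLE_REQUEST_ID, SAMPLE_AUDIENCE, SAMPLE_NOW))
    for tampered in (SAMPLE_FAULT, SAMPLE_SUCCESS.replace(b"status:Success", b"status:Requester")):
        try:
            consume_response(tampered, SAMPLE_REQUEST_ID, SAMPLE_AUDIENCE, SAMPLE_NOW)
        except ValueError as why:
            print("rejected:", why)
```

The "exactly one Assertion" rule is the structural half of the signature-wrapping defence: together with verifying that the signed element is the one being consumed, it stops an attacker from appending an unsigned assertion next to a legitimately signed one and having the SP read the wrong one.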

More details about SAML Assertions can be found here: SAML Assertions