SAML SOAP Binding: Difference between revisions
Jump to navigation
Jump to search
| (10 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
=SAML Request= | =SAML Request= | ||
The SAML request consists in a SOAP Envelope | The SAML request consists in a SOAP Envelope that contains a SOAP Body. The SOAP Body typically includes a Security Token, a digital signature, generated using [[XML Signature]] and the request data. An AuthnRequest follows: | ||
An AuthnRequest | |||
<pre> | <pre> | ||
| Line 19: | Line 17: | ||
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" | <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" | ||
ForceAuthn="true" | ForceAuthn="true" | ||
AssertionConsumerServiceURL="http://www.example.com/serviceA/" | |||
AttributeConsumingServiceIndex="0" | |||
ProviderName="string" | |||
ID="skdfa7234" | |||
Version="2.0" | |||
IssueInstant="2005-06-01T01:00:00Z" | |||
Destination="http://www.example.com/" | |||
Consent="http://www.example.com/"> | |||
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> | |||
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> | |||
user1@example.com | |||
</saml:NameID> | |||
</saml:Subject> | |||
</samlp:AuthnRequest> | |||
</env:Body> | |||
</env:Envelope> | </env:Envelope> | ||
</pre> | </pre> | ||
| Line 40: | Line 43: | ||
=SAML Response= | =SAML Response= | ||
The SAML response also consists | The SAML response also consists of a SOAP Envelope that includes a SOAP Body. The SOAP Body includes the digital signature and the response data, in form of a Response that includes a SAML Assertion. A SAML AuthenticationStatement assertion example follows: | ||
<pre> | |||
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> | |||
<env:Body> | |||
<samlp:Response xmlns:samlp="..." xmlns:saml="..." xmlns:ds="..."> | |||
<Status> | |||
<StatusCode value=”urn:oasis:names:tc:SAML:2.0:status:Success”/> | |||
</Status> | |||
<saml:Assertion> | |||
... | |||
<saml:AuthnStatement> | |||
... | |||
</saml:AuthnStatement> | |||
</saml:Assertion> | |||
</samlp:Response> | |||
</env:Body> | |||
</env:Envelope> | |||
</pre> | |||
More details about SAML Assertions can be found here: {{Internal|SAML_Concepts#SAML_Assertion|SAML Assertions}} | |||
Latest revision as of 18:35, 21 February 2017
Internal
Overview
SAML Request
The SAML request consists in a SOAP Envelope that contains a SOAP Body. The SOAP Body typically includes a Security Token, a digital signature, generated using XML Signature and the request data. An AuthnRequest follows:
<env:Envelope xmlns:env=”http://www.w3.org/2003/05/soap/envelope/”>
<env:Body>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ForceAuthn="true"
AssertionConsumerServiceURL="http://www.example.com/serviceA/"
AttributeConsumingServiceIndex="0"
ProviderName="string"
ID="skdfa7234"
Version="2.0"
IssueInstant="2005-06-01T01:00:00Z"
Destination="http://www.example.com/"
Consent="http://www.example.com/">
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
user1@example.com
</saml:NameID>
</saml:Subject>
</samlp:AuthnRequest>
</env:Body>
</env:Envelope>
SAML Response
The SAML response also consists of a SOAP Envelope that includes a SOAP Body. The SOAP Body includes the digital signature and the response data, in form of a Response that includes a SAML Assertion. A SAML AuthenticationStatement assertion example follows:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<samlp:Response xmlns:samlp="..." xmlns:saml="..." xmlns:ds="...">
<Status>
<StatusCode value=”urn:oasis:names:tc:SAML:2.0:status:Success”/>
</Status>
<saml:Assertion>
...
<saml:AuthnStatement>
...
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
</env:Body>
</env:Envelope>
More details about SAML Assertions can be found here: