SAML AuthnQuery and AuthnStatement: Difference between revisions

 
(10 intermediate revisions by the same user not shown)
Line 9: Line 9:
<pre>
<pre>
<samlp:AuthnQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"   
<samlp:AuthnQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"   
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
  xsi:schemaLocation=
                  xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol” ノ>
  "urn:oasis:names:tc:SAML:2.0:protocol” ノ >
 
<saml:Subject>
  <saml:Subject>
  <saml:SubjectConfirmation Method=
 
    "http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">
    <saml:SubjectConfirmation  
            Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">
 
       <saml:SubjectConfirmationData>  
       <saml:SubjectConfirmationData>  
         cGFzc3dvcmQ=
         cGFzc3dvcmQ=
       <saml:SubjectConfirmationData/>
       <saml:SubjectConfirmationData/>
</saml:SubjectConfirmation>
 
</saml:Subject>
    </saml:SubjectConfirmation>
<samlp:RequestedAuthnContext Comparison="exact">
 
  <saml:AuthnContextClassRef>
  </saml:Subject>
    http://www.coresecuritypatterns.com
 
   </saml:AuthnContextClassRef>
  <samlp:RequestedAuthnContext Comparison="exact">
 
    <saml:AuthnContextClassRef>
      http://www.coresecuritypatterns.com
    </saml:AuthnContextClassRef>
 
  </samlp:RequestedAuthnContext>
 
</samlp:AuthnQuery>
</pre>
 
==AuthnStatement==
 
<pre>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                IssueInstant="2005-06-01T09:30:47.0Z"
                Version="2.0"
                InResponseTo="NCName"
                Destination="http://www.example.com"
                ID="ID000065">
 
        ...
 
  <samlp:Status>
 
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
 
    <samlp:StatusMessage>status is successful</samlp:StatusMessage>
 
  </samlp:Status>
 
   <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z"
                  Version="2.0"
                  ID="ID000072">
 
    <saml:Issuer NameQualifier="String" Format="http://www.coresecuritypatterns.com"
                SPProvidedID="MyServiceProvider"
                SPNameQualifier="String">
          Example
    </saml:Issuer>
 
    <saml:Subject>
 
      <saml:SubjectConfirmation
          Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">
 
        <saml:NameID NameQualifier="card:SQLDatabase">
            SomeName
        </saml:NameID>
 
        <saml:SubjectConfirmationData
            NotBefore="2005-06-01T09:30:47.0Z"
            InResponseTo="NCName"
            Recipient="http://example.com"
            NotOnOrAfter="2005-06-01T09:30:47.0Z"
            Address="String"/>
 
      </saml:SubjectConfirmation>
 
    </saml:Subject>
 
    <saml:Conditions
        NotBefore="2005-06-01T09:30:47.0Z"
        NotOnOrAfter="2005-06-01T09:30:47.0Z">
 
          <saml:Condition xsi:type="a type derived from ConditionAbstractType"/>
 
    </saml:Conditions>
 
    <saml:Advice>
 
      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
 
    </saml:Advice>
 
    <saml:AuthnStatement
          AuthnInstant="2005-06-0131T12:00:00Z"
          SessionIndex="67775277772">
 
          <saml:AuthnContext>
 
            <saml:AuthnContextClassRef>
                urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
            </saml:AuthnContextClassRef>
 
          </saml:AuthnContext>
 
      </saml:AuthnStatement>
 
  </saml:Assertion>
 
</samlp:Response>
</pre>
</pre>
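Review bot: The new revision's AuthnQuery is still not well-formed XML: the element opened with `<saml:SubjectConfirmationData>` is followed by `<saml:SubjectConfirmationData/>` where the end tag `</saml:SubjectConfirmationData>` is needed, and `xsi:schemaLocation` ends in a typographic quote and a stray character (`” ノ>`) while holding only the namespace half of the namespace/location pair. In the added AuthnStatement listing, `AuthnInstant="2005-06-0131T12:00:00Z"` is not a valid xs:dateTime, and both validity windows set `NotBefore` equal to `NotOnOrAfter`, which leaves no instant at which the assertion is valid. The page would also benefit from one sentence saying that `cGFzc3dvcmQ=` is only the Base64 encoding of `password`, so readers do not mistake the confirmation data for a protected value.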

Latest revision as of 18:59, 21 February 2017

Internal

Example

AuthnQuery

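<!--
  Example SAML 2.0 AuthnQuery: asks a SAML authority which authentication
  statements it holds for the subject described below.

  The ID, Version and IssueInstant attributes that the SAML 2.0 protocol schema
  requires on every request are not part of this excerpt.

  The xsi:schemaLocation attribute of the published listing is left out: its
  value was cut off after the namespace URI, so the location half of the pair
  cannot be recovered. A receiver should validate against a locally held copy
  of the SAML schemas and should not fetch whatever location a message names.
-->
<samlp:AuthnQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <saml:Subject>

    <!-- NOTE(review): this Method URI is not one of the confirmation methods
         defined by SAML 2.0 core (holder-of-key, sender-vouches, bearer); it
         looks like an identifier from an early SAML draft. Confirm that the
         receiving party recognises it. -->
    <saml:SubjectConfirmation
            Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">

      <!-- cGFzc3dvcmQ= is the Base64 form of the literal string "password".
           Base64 is an encoding, not encryption: anyone who can read the
           message can read the secret, so a query like this needs transport
           or message level encryption. The value is kept on one line so that
           indentation whitespace does not become part of it. -->
      <saml:SubjectConfirmationData>cGFzc3dvcmQ=</saml:SubjectConfirmationData>

    </saml:SubjectConfirmation>

  </saml:Subject>

  <!-- Comparison="exact": the authentication context returned must match the
       class reference below exactly. The URI used here is a sample value, not
       one of the urn:oasis:names:tc:SAML:2.0:ac:classes identifiers. -->
  <samlp:RequestedAuthnContext Comparison="exact">

    <saml:AuthnContextClassRef>http://www.coresecuritypatterns.com</saml:AuthnContextClassRef>

  </samlp:RequestedAuthnContext>

</samlp:AuthnQuery>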

AuthnStatement

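<!--
  Example SAML 2.0 Response carrying one Assertion with an AuthnStatement.

  Values such as "String", "NCName" and the xsi:type text are sample
  placeholders, so the listing illustrates structure and is not schema-valid
  as written.

  Checks a relying party is expected to make on a real message: InResponseTo
  matches the ID of a request it actually sent, Destination and Recipient name
  its own endpoint, and the current time falls inside every NotBefore /
  NotOnOrAfter window.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                IssueInstant="2005-06-01T09:30:47.0Z"
                Version="2.0"
                InResponseTo="NCName"
                Destination="http://www.example.com"
                ID="ID000065">

  <!-- ... content elided in the published example. No ds:Signature appears in
       the visible part although the ds prefix is declared; presumably the
       signature is among the elided content (confirm against the original).
       A relying party must verify the signature over the Response or the
       Assertion before using anything below. -->

  <samlp:Status>

    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>

    <samlp:StatusMessage>status is successful</samlp:StatusMessage>

  </samlp:Status>

  <saml:Assertion IssueInstant="2005-06-01T09:30:47.0Z"
                  Version="2.0"
                  ID="ID000072">

    <!-- Text values are written on one line: Issuer and NameID are plain
         strings, so indentation inside the element would become part of the
         value a receiver compares. -->
    <saml:Issuer NameQualifier="String" Format="http://www.coresecuritypatterns.com"
                 SPProvidedID="MyServiceProvider"
                 SPNameQualifier="String">Example</saml:Issuer>

    <saml:Subject>

      <!-- NOTE(review): the Method URI is not one of the SAML 2.0 core
           confirmation methods (holder-of-key, sender-vouches, bearer).
           The NameID sits inside SubjectConfirmation, where SAML 2.0 uses it
           to name the confirming entity; the Subject itself carries no
           identifier in this example. -->
      <saml:SubjectConfirmation
          Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">

        <saml:NameID NameQualifier="card:SQLDatabase">SomeName</saml:NameID>

        <!-- NotBefore equals NotOnOrAfter, so the window is empty: a receiver
             that enforces it would reject the confirmation. Sample values. -->
        <saml:SubjectConfirmationData
            NotBefore="2005-06-01T09:30:47.0Z"
            InResponseTo="NCName"
            Recipient="http://example.com"
            NotOnOrAfter="2005-06-01T09:30:47.0Z"
            Address="String"/>

      </saml:SubjectConfirmation>

    </saml:Subject>

    <!-- Same empty validity window as above. No saml:AudienceRestriction is
         shown, so nothing in this example limits which relying party may
         accept the assertion. -->
    <saml:Conditions
        NotBefore="2005-06-01T09:30:47.0Z"
        NotOnOrAfter="2005-06-01T09:30:47.0Z">

      <saml:Condition xsi:type="a type derived from ConditionAbstractType"/>

    </saml:Conditions>

    <saml:Advice>

      <saml:AssertionIDRef>NCName</saml:AssertionIDRef>

    </saml:Advice>

    <!-- NOTE(review): AuthnInstant is not a valid xs:dateTime as published
         (the day field reads "0131"). It is left unchanged because the
         intended date cannot be recovered from the page. -->
    <saml:AuthnStatement
        AuthnInstant="2005-06-0131T12:00:00Z"
        SessionIndex="67775277772">

      <saml:AuthnContext>

        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>

      </saml:AuthnContext>

    </saml:AuthnStatement>

  </saml:Assertion>

</samlp:Response>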