SAML SOAP Binding: Difference between revisions
Line 8: | Line 8: | ||
=SAML Request= | =SAML Request= | ||
The SAML request consists in a SOAP Envelope and a SOAP Body. The SOAP Body includes a Security Token, a digital signature, generated using [[XML Signature]] and the request data. | The SAML request consists in a SOAP Envelope and a SOAP Body. The SOAP Body includes a Security Token, a digital signature, generated using [[XML Signature]] and the request data. | ||
An AuthnRequest example: | |||
<pre> | |||
<env:Envelope xmlns:env=”http://www.w3.org/2003/05/soap/envelope/”> | |||
<env:Body> | |||
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" | |||
ForceAuthn="true" | |||
AssertionConsumerServiceURL="http://www.example.com/serviceA/" | |||
AttributeConsumingServiceIndex="0" | |||
ProviderName="string" | |||
ID="skdfa7234" | |||
Version="2.0" | |||
IssueInstant="2005-06-01T01:00:00Z" | |||
Destination="http://www.example.com/" | |||
Consent="http://www.example.com/"> | |||
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> | |||
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> | |||
user1@example.com | |||
</saml:NameID> | |||
</saml:Subject> | |||
</samlp:AuthnRequest> | |||
</env:Body> | |||
</env:Envelope> | |||
</pre> | |||
=SAML Response= | =SAML Response= | ||
The SAML response also consists in a SOAP Envelope and a SOAP Body. The SOAP Body includes the digital signature and the response data. | The SAML response also consists in a SOAP Envelope and a SOAP Body. The SOAP Body includes the digital signature and the response data. |
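Review bot: In the added example, the `xmlns:env` value on `<env:Envelope>` is delimited with typographic quotes (”…”) rather than straight double quotes, so the sample is not well-formed XML and a parser will reject it before any SAML processing; replace them with `"` as on the other attributes. The unchanged sentence above the example says the SOAP Body includes a digital signature generated with XML Signature, but the added AuthnRequest carries no signature element, so either include one or state that the sample is shown unsigned.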
Revision as of 17:57, 21 February 2017
Internal
Overview
SAML Request
The SAML request consists of a SOAP Envelope and a SOAP Body. The SOAP Body includes a Security Token, a digital signature generated using XML Signature, and the request data.
An AuthnRequest example:
<pre>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap/envelope/">
  <env:Body>
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ForceAuthn="true"
        AssertionConsumerServiceURL="http://www.example.com/serviceA/"
        AttributeConsumingServiceIndex="0"
        ProviderName="string"
        ID="skdfa7234"
        Version="2.0"
        IssueInstant="2005-06-01T01:00:00Z"
        Destination="http://www.example.com/"
        Consent="http://www.example.com/">
      <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
          user1@example.com
        </saml:NameID>
      </saml:Subject>
    </samlp:AuthnRequest>
  </env:Body>
</env:Envelope>
</pre>
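A receiver-side structural check for a request shaped like the one above, as an added example that is not part of the original page. The endpoint URL, the ACS allowlist, the five-minute window and the function name are assumptions chosen for illustration, and the check only looks for the presence of a `ds:Signature` element; it does not verify the signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"env": "http://www.w3.org/2003/05/soap/envelope/",  # as written on this page
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumed receiver policy (hypothetical values for illustration).
IDP_ENDPOINT = "http://www.example.com/"
ALLOWED_ACS = {"http://www.example.com/serviceA/"}
MAX_AGE = timedelta(minutes=5)

def check_authn_request(soap_xml, now):
    """Return a list of findings; an empty list means every structural check passed."""
    if "<!DOCTYPE" in soap_xml:  # refuse DTDs so entity expansion is never attempted
        return ["DTD present: rejected before parsing"]
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    reqs = root.findall("env:Body/samlp:AuthnRequest", NS)
    if root.tag != "{%s}Envelope" % NS["env"] or len(reqs) != 1:
        return ["expected exactly one AuthnRequest directly inside env:Body"]
    req, findings = reqs[0], []
    if req.find("ds:Signature", NS) is None:
        findings.append("no ds:Signature child: request is unsigned")
    if req.get("Version") != "2.0":
        findings.append("Version is not 2.0")
    if req.get("Destination") != IDP_ENDPOINT:
        findings.append("Destination does not match this endpoint")
    if req.get("AssertionConsumerServiceURL") not in ALLOWED_ACS:
        findings.append("AssertionConsumerServiceURL is not registered")
    try:
        issued = datetime.strptime(req.get("IssueInstant", ""), "%Y-%m-%dT%H:%M:%SZ")
        if abs(now - issued.replace(tzinfo=timezone.utc)) > MAX_AGE:
            findings.append("IssueInstant outside the accepted time window")
    except ValueError:
        findings.append("IssueInstant missing or malformed")
    return findings

# Constructed sample: the page's AuthnRequest, trimmed, with straight quotes.
SAMPLE = """<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap/envelope/"><env:Body>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="skdfa7234"
  Version="2.0" IssueInstant="2005-06-01T01:00:00Z" Destination="http://www.example.com/"
  AssertionConsumerServiceURL="http://www.example.com/serviceA/"/>
</env:Body></env:Envelope>"""

if __name__ == "__main__":
    for f in check_authn_request(SAMPLE, datetime(2005, 6, 1, 1, 2, tzinfo=timezone.utc)):
        print(f)
```

A request that passes these checks still needs its signature validated with an XML Signature implementation before any attribute in it is trusted.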
SAML Response
The SAML response also consists of a SOAP Envelope and a SOAP Body. The SOAP Body includes the digital signature and the response data.