SAML AuthnQuery and AuthnStatement: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 35: Line 35:


</samlp:AuthnQuery>
</samlp:AuthnQuery>
</pre>
==AuthnStatement==
<pre>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0"
  InResponseTo="NCName"
  Destination="http://www.coresecuritypatterns.com"
  ID="ID000065">
        ...
  <samlp:Status>
      <samlp:StatusCode
        Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      <samlp:StatusMessage>status is successful</samlp:StatusMessage>
  </samlp:Status>
  <saml:Assertion
      IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0" ID="ID000072">
      <saml:Issuer NameQualifier="String" Format="http://www.coresecuritypatterns.com"
          SPProvidedID="MyServiceProvider" SPNameQualifier="String">CSP</saml:Issuer>
      <saml:Subject>
      <saml:SubjectConfirmation
          Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">
        <saml:NameID NameQualifier="card:SQLDatabase">
            CoreSecurityPatterns
        <saml:NameID/>
      <saml:SubjectConfirmationData NotBefore="2005-06-01T09:30:47.0Z"
          InResponseTo="NCName"
          Recipient="http://www.coresecuritypatterns.com"
          NotOnOrAfter="2005-06-01T09:30:47.0Z"
          Address="String"/>
      </saml:SubjectConfirmation>
        </saml:Subject>
<saml:Conditions NotBefore="2005-06-01T09:30:47.0Z"
              NotOnOrAfter="2005-06-01T09:30:47.0Z">
              <saml:Condition xsi:type="a type derived from ConditionAbstractType"/>
            </saml:Conditions>
            <saml:Advice>
              <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
            </saml:Advice>
      <saml:AuthnStatement>
          AuthnInstant="2005-06-0131T12:00:00Z"
          SessionIndex="67775277772">
          <saml:AuthnContext>
              <saml:AuthnContextClassRef>
              urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
              </saml:AuthnContextClassRef>
          </saml:AuthnContext>
      </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>
</pre>
</pre>

Revision as of 18:45, 21 February 2017

Internal

Example

AuthnQuery

<samlp:AuthnQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"   
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol” ノ>

  <saml:Subject>

    <saml:SubjectConfirmation Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">

      <saml:SubjectConfirmationData> 
         cGFzc3dvcmQ=
      <saml:SubjectConfirmationData/>

    </saml:SubjectConfirmation>

  </saml:Subject>

  <samlp:RequestedAuthnContext Comparison="exact">

    <saml:AuthnContextClassRef>
      http://www.coresecuritypatterns.com
    </saml:AuthnContextClassRef>

  </samlp:RequestedAuthnContext>

</samlp:AuthnQuery>

AuthnStatement

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
   xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
   xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0" 
   InResponseTo="NCName" 
   Destination="http://www.coresecuritypatterns.com" 
   ID="ID000065">
        ...
   <samlp:Status>
      <samlp:StatusCode 
         Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      <samlp:StatusMessage>status is successful</samlp:StatusMessage>
   </samlp:Status>
   <saml:Assertion 
      IssueInstant="2005-06-01T09:30:47.0Z" Version="2.0" ID="ID000072">
      <saml:Issuer NameQualifier="String" Format="http://www.coresecuritypatterns.com" 
          SPProvidedID="MyServiceProvider" SPNameQualifier="String">CSP</saml:Issuer>
      <saml:Subject>
      <saml:SubjectConfirmation 
          Method="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-25/password">
         <saml:NameID NameQualifier="card:SQLDatabase">
             CoreSecurityPatterns
         <saml:NameID/>
      <saml:SubjectConfirmationData NotBefore="2005-06-01T09:30:47.0Z" 
          InResponseTo="NCName" 
          Recipient="http://www.coresecuritypatterns.com" 
          NotOnOrAfter="2005-06-01T09:30:47.0Z" 
          Address="String"/>
      </saml:SubjectConfirmation>
         </saml:Subject>

<saml:Conditions NotBefore="2005-06-01T09:30:47.0Z" 
               NotOnOrAfter="2005-06-01T09:30:47.0Z">
               <saml:Condition xsi:type="a type derived from ConditionAbstractType"/>
            </saml:Conditions>
            <saml:Advice>
               <saml:AssertionIDRef>NCName</saml:AssertionIDRef>
            </saml:Advice>
      <saml:AuthnStatement>
          AuthnInstant="2005-06-0131T12:00:00Z"
          SessionIndex="67775277772">
          <saml:AuthnContext>
               <saml:AuthnContextClassRef>
               urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
               </saml:AuthnContextClassRef>
          </saml:AuthnContext>
      </saml:AuthnStatement>
   </saml:Assertion>
</samlp:Response>
Retrieved from "https://kb.novaordis.com/index.php?title=SAML_AuthnQuery_and_AuthnStatement&oldid=17345"