Example: SAML IdP for Cloud Authentication Service Assertion

Document created by RSA Information Design and Development on Apr 14, 2017Last modified by RSA Information Design and Development on Sep 15, 2017
Version 3Show Document
  • View in full screen mode

<?xml version="1.0" encoding="UTF-8"?>

<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://company-vm.local:81/saml-sp/response.do" ID="_ad254d049179ab5b03dc903c29985da6" InResponseTo="_0fd4fbcc-8e0a-4c3c-b380-b4fa3b2bf4e9" IssueInstant="2017-02-03T18:32:54.860Z" Version="2.0">

<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://company.com/saml-fe/sso</saml2:Issuer>

<saml2p:Status>

<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>

</saml2p:Status>

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_eb78cdec36f4f99b39f30302a56662f5" IssueInstant="2017-02-03T18:32:54.860Z" Version="2.0">

<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://company.com/saml-fe/sso</saml2:Issuer>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

<ds:Reference URI="#_eb78cdec36f4f99b39f30302a56662f5">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>1xUgAjkRwqP0Cmb/kTYaCc8ZcQjoBtwLLUSHPuDi820=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

I332qh+nwcdgRvjOb5eaJXsJWfyTC89/bsMGLn7Lk5gk1AIcX4i/YGW2WymtmBMKpC/e7P+T37DSqWT8i2/+eQYbXPnX12DvnPViO4+AVHx0eM/o3KmA0+kaOn91QyyRADILRpoSpGljjY2dOL9GlhY6KemoDroij33BYxLr4wg5TtKEz7L98OS17Au2YuwS6Wz/Tv9vPqwM9a2gPaQJpGDmQAnHacR66cDVimLzJiPg5Op6Lz2DD6A2HFvDwA5btOWtXGT9xAoB1ZlFzBRJ+T7p6Xn/fFXI0dEsY8A5zEoihmInG00uQ5wBBAWY/c/vJp/Lwqe1e4Sy+BSDFYskbQ==

</ds:SignatureValue>

<ds:KeyInfo>

<ds:X509Data>

<ds:X509SubjectName>OU=ONE,O=SAML_SIGNING,STREET=c12f5bab0220ec523f89639a8dc9ded937ed978289d30885409db89d4852ba7f,C=company,CN=be075a80-f1c4-41cf-9c9e-c0ba53212d57</ds:X509SubjectName>

<ds:X509Certificate>MIIEIzCCAwugAwIBAgIUNCZGscafYuODoaujLvOv3zzIgUQwDQYJKoZIhvcNAQELBQAwgbExLTArBgNVBAMMJGJlMDc1YTgwLWYxYzQtNDFjZi05YzllLWMwYmE1MzIxMmQ1NzEQMA4GA1UEBhMHdm95YWdlcjFJMEcGA1UECQxAYzEyZjViYWIwMjIwZWM1MjNmODk2MzlhOGRjOWRlZDkzN2VkOTc4Mjg5ZDMwODg1NDA5ZGI4OWQ0ODUyYmE3ZjEVMBMGA1UECgwMU0FNTF9TSUdOSU5HMQwwCgYDVQQLDANPTkUwHhcNMTYwODMwMTY0MDE4WhcNMzYwODMwMTY0MDE4WjCBsTEtMCsGA1UEAwwkYmUwNzVhODAtZjFjNC00MWNmLTljOWUtYzBiYTUzMjEyZDU3MRAwDgYDVQQGEwd2b3lhZ2VyMUkwRwYDVQQJDEBjMTJmNWJhYjAyMjBlYzUyM2Y4OTYzOWE4ZGM5ZGVkOTM3ZWQ5NzgyODlkMzA4ODU0MDlkYjg5ZDQ4AQsFAAOCAQEAJIHRetoDpzkKM6GbQKcnRmMHRD2wkdJXyHSxxVpdQLUh/HEwftb96dPh79Z7uDMqXgwVD1vdwuxnGToG6upCZleFHp7L+YEh7Wjd977MiaGZ14ZJfv1+0ARQJ9tBTfi7K8cGUVPqknxkabjulWBbk57o4ekrc4EhIjkRhaE+8BR4a1mbZAr3PPbM6yZGdz0zOFGEm6hu8Xg+nkF3rb85QoCncHNL5dAH1hldCYoHZhojLvLaqdUrxQIBveIjXuj614H6U7vFFVAlLfsuTnUpP0zZ2o/RUNCNMCSa+/sGWVJj8BfbKpPE54XsCI/ncBgqH71lebdO4S2uUv+Ji0/Gag==</ds:X509Certificate>

</ds:X509Data>

</ds:KeyInfo>

</ds:Signature>

<saml2:Subject>

<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SubjectName</saml2:NameID>

<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

<saml2:SubjectConfirmationData InResponseTo="_0fd4fbcc-8e0a-4c3c-b380-b4fa3b2bf4e9" NotOnOrAfter="2017-02-03T18:38:54.860Z" Recipient="http://company-vm.local:81/saml-sp/response.do"/>

</saml2:SubjectConfirmation>

</saml2:Subject>

<saml2:Conditions NotBefore="2017-02-03T18:31:54.860Z" NotOnOrAfter="2017-02-03T18:38:54.860Z">

<saml2:AudienceRestriction>

<saml2:Audience>test-sp</saml2:Audience>

</saml2:AudienceRestriction>

</saml2:Conditions>

<saml2:AuthnStatement AuthnInstant="2017-02-03T18:32:54.814Z">

<saml2:AuthnContext>

<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>

</saml2:AuthnContext>

</saml2:AuthnStatement>

</saml2:Assertion>

</saml2p:Response>

 

 

Previous Topic:Manage Relying Parties
Next Topic:Clusters
You are here
Table of Contents > Relying Parties > Example: SAML IdP for Cloud Authentication Service Assertion

Attachments

    Outcomes