Example: SAML IdP for Cloud Authentication Service Assertion

Document created by RSA Information Design and Development on Apr 14, 2017Last modified by RSA Information Design and Development on May 18, 2018
Version 10Show Document
  • View in full screen mode

<?xml version="1.0" encoding="UTF-8"?>

<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://company-vm.local:81/saml-sp/response.do" ID="_ad254d049179ab5b03dc903c29985da6" InResponseTo="_0fd4fbcc-8e0a-4c3c-b380-b4fa3b2bf4e9" IssueInstant="2017-02-03T18:32:54.860Z" Version="2.0">

<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://company.com/saml-fe/sso</saml2:Issuer>

<saml2p:Status>

<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>

</saml2p:Status>

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_eb78cdec36f4f99b39f30302a56662f5" IssueInstant="2017-02-03T18:32:54.860Z" Version="2.0">

<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://company.com/saml-fe/sso</saml2:Issuer>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

<ds:Reference URI="#_eb78cdec36f4f99b39f30302a56662f5">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>1xUgAjkRwqP0Cmb/kTYaCc8ZcQjoBtwLLUSHPuDi820=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

I332qh+nwcdgRvjOb5eaJXsJWfyTC89/bsMGLn7Lk5gk1AIcX4i/YGW2WymtmBMKpC/e7P+T37DSqWT8i2/+eQYbXPnX12DvnPViO4+AVHx0eM/o3KmA0+kaOn91QyyRADILRpoSpGljjY2dOL9GlhY6KemoDroij33BYxLr4wg5TtKEz7L98OS17Au2YuwS6Wz/Tv9vPqwM9a2gPaQJpGDmQAnHacR66cDVimLzJiPg5Op6Lz2DD6A2HFvDwA5btOWtXGT9xAoB1ZlFzBRJ+T7p6Xn/fFXI0dEsY8A5zEoihmInG00uQ5wBBAWY/c/vJp/Lwqe1e4Sy+BSDFYskbQ==

</ds:SignatureValue>

<ds:KeyInfo>

<ds:X509Data>

<ds:X509SubjectName>OU=ONE,O=SAML_SIGNING,STREET=c12f5bab0220ec523f89639a8dc9ded937ed978289d30885409db89d4852ba7f,C=company,CN=be075a80-f1c4-41cf-9c9e-c0ba53212d57</ds:X509SubjectName>

<ds:X509Certificate>MIIEIzCCAwugAwIBAgIUNCZGscafYuODoaujLvOv3zzIgUQwDQYJKoZIhvcNAQELBQAwgbExLTArBgNVBAMMJGJlMDc1YTgwLWYxYzQtNDFjZi05YzllLWMwYmE1MzIxMmQ1NzEQMA4GA1UEBhMHdm95YWdlcjFJMEcGA1UECQxAYzEyZjViYWIwMjIwZWM1MjNmODk2MzlhOGRjOWRlZDkzN2VkOTc4Mjg5ZDMwODg1NDA5ZGI4OWQ0ODUyYmE3ZjEVMBMGA1UECgwMU0FNTF9TSUdOSU5HMQwwCgYDVQQLDANPTkUwHhcNMTYwODMwMTY0MDE4WhcNMzYwODMwMTY0MDE4WjCBsTEtMCsGA1UEAwwkYmUwNzVhODAtZjFjNC00MWNmLTljOWUtYzBiYTUzMjEyZDU3MRAwDgYDVQQGEwd2b3lhZ2VyMUkwRwYDVQQJDEBjMTJmNWJhYjAyMjBlYzUyM2Y4OTYzOWE4ZGM5ZGVkOTM3ZWQ5NzgyODlkMzA4ODU0MDlkYjg5ZDQ4AQsFAAOCAQEAJIHRetoDpzkKM6GbQKcnRmMHRD2wkdJXyHSxxVpdQLUh/HEwftb96dPh79Z7uDMqXgwVD1vdwuxnGToG6upCZleFHp7L+YEh7Wjd977MiaGZ14ZJfv1+0ARQJ9tBTfi7K8cGUVPqknxkabjulWBbk57o4ekrc4EhIjkRhaE+8BR4a1mbZAr3PPbM6yZGdz0zOFGEm6hu8Xg+nkF3rb85QoCncHNL5dAH1hldCYoHZhojLvLaqdUrxQIBveIjXuj614H6U7vFFVAlLfsuTnUpP0zZ2o/RUNCNMCSa+/sGWVJj8BfbKpPE54XsCI/ncBgqH71lebdO4S2uUv+Ji0/Gag==</ds:X509Certificate>

</ds:X509Data>

</ds:KeyInfo>

</ds:Signature>

<saml2:Subject>

<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SubjectName</saml2:NameID>

<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

<saml2:SubjectConfirmationData InResponseTo="_0fd4fbcc-8e0a-4c3c-b380-b4fa3b2bf4e9" NotOnOrAfter="2017-02-03T18:38:54.860Z" Recipient="http://company-vm.local:81/saml-sp/response.do"/>

</saml2:SubjectConfirmation>

</saml2:Subject>

<saml2:Conditions NotBefore="2017-02-03T18:31:54.860Z" NotOnOrAfter="2017-02-03T18:38:54.860Z">

<saml2:AudienceRestriction>

<saml2:Audience>test-sp</saml2:Audience>

</saml2:AudienceRestriction>

</saml2:Conditions>

<saml2:AuthnStatement AuthnInstant="2017-02-03T18:32:54.814Z">

<saml2:AuthnContext>

<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>

</saml2:AuthnContext>

</saml2:AuthnStatement>

</saml2:Assertion>

</saml2p:Response>

 

 

Previous Topic:Manage Relying Parties
You are here
Table of Contents > Relying Parties > Example: SAML IdP for Cloud Authentication Service Assertion

Attachments

    Outcomes