Example: SAML IdP for Cloud Access Service Assertion

<?xml version="1.0" encoding="UTF-8"?>

<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://company-vm.local:81/saml-sp/response.do" ID="_ad254d049179ab5b03dc903c29985da6" InResponseTo="_0fd4fbcc-8e0a-4c3c-b380-b4fa3b2bf4e9" IssueInstant="2017-02-03T18:32:54.860Z" Version="2.0">

<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://company.com/saml-fe/sso</saml2:Issuer>

<saml2p:Status>

<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>

</saml2p:Status>

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_eb78cdec36f4f99b39f30302a56662f5" IssueInstant="2017-02-03T18:32:54.860Z" Version="2.0">

<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://company.com/saml-fe/sso</saml2:Issuer>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

<ds:Reference URI="#_eb78cdec36f4f99b39f30302a56662f5">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>1xUgAjkRwqP0Cmb/kTYaCc8ZcQjoBtwLLUSHPuDi820=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

I332qh+nwcdgRvjOb5eaJXsJWfyTC89/bsMGLn7Lk5gk1AIcX4i/YGW2WymtmBMKpC/e7P+T37DSqWT8i2/+eQYbXPnX12DvnPViO4+AVHx0eM/o3KmA0+kaOn91QyyRADILRpoSpGljjY2dOL9GlhY6KemoDroij33BYxLr4wg5TtKEz7L98OS17Au2YuwS6Wz/Tv9vPqwM9a2gPaQJpGDmQAnHacR66cDVimLzJiPg5Op6Lz2DD6A2HFvDwA5btOWtXGT9xAoB1ZlFzBRJ+T7p6Xn/fFXI0dEsY8A5zEoihmInG00uQ5wBBAWY/c/vJp/Lwqe1e4Sy+BSDFYskbQ==

</ds:SignatureValue>

<ds:KeyInfo>

<ds:X509Data>

<ds:X509SubjectName>OU=ONE,O=SAML_SIGNING,STREET=c12f5bab0220ec523f89639a8dc9ded937ed978289d30885409db89d4852ba7f,C=company,CN=be075a80-f1c4-41cf-9c9e-c0ba53212d57</ds:X509SubjectName>

<ds:X509Certificate>MIIEIzCCAwugAwIBAgIUNCZGscafYuODoaujLvOv3zzIgUQwDQYJKoZIhvcNAQELBQAwgbExLTArBgNVBAMMJGJlMDc1YTgwLWYxYzQtNDFjZi05YzllLWMwYmE1MzIxMmQ1NzEQMA4GA1UEBhMHdm95YWdlcjFJMEcGA1UECQxAYzEyZjViYWIwMjIwZWM1MjNmODk2MzlhOGRjOWRlZDkzN2VkOTc4Mjg5ZDMwODg1NDA5ZGI4OWQ0ODUyYmE3ZjEVMBMGA1UECgwMU0FNTF9TSUdOSU5HMQwwCgYDVQQLDANPTkUwHhcNMTYwODMwMTY0MDE4WhcNMzYwODMwMTY0MDE4WjCBsTEtMCsGA1UEAwwkYmUwNzVhODAtZjFjNC00MWNmLTljOWUtYzBiYTUzMjEyZDU3MRAwDgYDVQQGEwd2b3lhZ2VyMUkwRwYDVQQJDEBjMTJmNWJhYjAyMjBlYzUyM2Y4OTYzOWE4ZGM5ZGVkOTM3ZWQ5NzgyODlkMzA4ODU0MDlkYjg5ZDQ4AQsFAAOCAQEAJIHRetoDpzkKM6GbQKcnRmMHRD2wkdJXyHSxxVpdQLUh/HEwftb96dPh79Z7uDMqXgwVD1vdwuxnGToG6upCZleFHp7L+YEh7Wjd977MiaGZ14ZJfv1+0ARQJ9tBTfi7K8cGUVPqknxkabjulWBbk57o4ekrc4EhIjkRhaE+8BR4a1mbZAr3PPbM6yZGdz0zOFGEm6hu8Xg+nkF3rb85QoCncHNL5dAH1hldCYoHZhojLvLaqdUrxQIBveIjXuj614H6U7vFFVAlLfsuTnUpP0zZ2o/RUNCNMCSa+/sGWVJj8BfbKpPE54XsCI/ncBgqH71lebdO4S2uUv+Ji0/Gag==</ds:X509Certificate>

</ds:X509Data>

</ds:KeyInfo>

</ds:Signature>

<saml2:Subject>

<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SubjectName</saml2:NameID>

<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

<saml2:SubjectConfirmationData InResponseTo="_0fd4fbcc-8e0a-4c3c-b380-b4fa3b2bf4e9" NotOnOrAfter="2017-02-03T18:38:54.860Z" Recipient="http://company-vm.local:81/saml-sp/response.do"/>

</saml2:SubjectConfirmation>

</saml2:Subject>

<saml2:Conditions NotBefore="2017-02-03T18:31:54.860Z" NotOnOrAfter="2017-02-03T18:38:54.860Z">

<saml2:AudienceRestriction>

<saml2:Audience>test-sp</saml2:Audience>

</saml2:AudienceRestriction>

</saml2:Conditions>

<saml2:AuthnStatement AuthnInstant="2017-02-03T18:32:54.814Z">

<saml2:AuthnContext>

<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>

</saml2:AuthnContext>

</saml2:AuthnStatement>

</saml2:Assertion>

</saml2p:Response>