saml-dev message


Subject: RE: [saml-dev] Valid SAML documents based on current schemas


Scott,
Thanks so much for sending out your example. It will be very useful for
checking interoperability with other SAML implementations, especially
the signatures. But the XML got munched by my mailer. Could you resend
it as an attachment so we have it in its original form?

Thanks again,
Charles

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Thursday, April 18, 2002 10:01 AM
> To: 'Pranav Parekh'; saml-dev@lists.oasis-open.org
> Subject: RE: [saml-dev] Valid SAML documents based on current schemas
> 
> 
> > I've been trying to create a valid SAML Authentication 
> > Assertion Request/Response based on the assertion-31 and 
> > protocol-31 schemas to be included as part of a SOAP 
> > message..I am using XML Spy 4.3 to create the XML document 
> > and validate it against the protocol-31 schema without much 
> > luck.  Can someone post samples that I can use as a starting point?
> 
> Here's a valid Response containing an authn statement. It's signed as
> well, which is why it's a bit ugly and all run together (canonical
> form). An editor should be able to pretty it up.
> 
> -- Scott
> 
> <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0"
> Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d7
> 03-FB24AD27D96135B68C99FB9AACFE2FFC"><ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></
> ds:Canonic
> alizationMethod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:Si
> gnatureMet
> hod>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
> </ds:Transform>
> <ds:Transform
> Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath
> xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol">count
> (ancestor-
> or-self::samlp_xpath:Response |
> here()/ancestor::samlp_xpath:Response[1]) =
> count(ancestor-or-self::samlp_xpath:Response)</ds:XPath></ds:T
> ransform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>vTCIfdl8s7EqcjtCSVPrvKGxNZ8=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>lAPMBY4RfUtKo6c2gCKXNm/gWDuX6IzyvKBmsG6BGjX
> ab0Ov0CCg3
> 9tdFGTcX
> 78u3xmECD2KwHPN6XoaN87ASzr1DqJYlI9eFFdxQtce9spWqxmmXIBxkkl+Awp
> vvtoyLSSf+
> 05VkkNsyEQ80h/Dd+S6nF45EdRn4mIKhaRLQWn+PYCyMsD9E77XQbGV2IGfCnw
> hBVlYFzzsu
> Xan1uKpvDn77GyH8upA9AzCHLIPfCNZbs1ucetl5VxY0BDp9eI94BS7DIEvgJ6
> W0P98gQVGw
> iCEvdzygomV/7umoCi/ypGc+tvYoSnQUN/S23W0j3iavVXVihPBvhTNzhOZDK9
> sdA==</ds:
> SignatureValue>
> </ds:Signature><Status><StatusCode
> Value="samlp:Success"></StatusCode></Status><Assertion
> xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC"
> IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" 
> MajorVersion="1"
> MinorVersion="0"><Conditions NotBefore="2002-04-18T16:56:54Z"
> NotOnOrAfter="2002-04-18T17:01:54Z"><AudienceRestrictionCondit
> ion><Audie
> nce>http://middleware.internet2.edu/shibboleth/clubs/clubshib/
> 1.0/</Audi
> ence></AudienceRestrictionCondition></Conditions><Authenticati
> onStatemen
> t AuthenticationInstant="2002-04-18T16:56:53Z"
> AuthenticationMethod="urn:mace:shibboleth:authmethod"><Subject
> ><NameIden
> tifier Format="urn:mace:shibboleth:1.0:handle"
> NameQualifier="osu.edu">foo</NameIdentifier><SubjectConfirmati
> on><Confir
> mationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</Confirmati
> onMethod><
> /SubjectConfirmation></Subject><SubjectLocality
> IPAddress="127.0.0.1"></SubjectLocality><AuthorityBinding
> AuthorityKind="samlp:AttributeQuery" 
> Binding="urn:oasis:names:tc:SAML:1.
> 0:bindings:SOAP-binding"
> Location="https://aa.osu.edu/"></AuthorityBinding></Authentica
> tionStatem
> ent><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></
> ds:Canonic
> alizationMethod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:Si
> gnatureMet
> hod>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
> </ds:Transform>
> <ds:Transform
> Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath
> xmlns:saml_xpath="urn:oasis:names:tc:SAML:1.0:assertion">count
> (ancestor-
> or-self::saml_xpath:Assertion |
> here()/ancestor::saml_xpath:Assertion[1]) =
> count(ancestor-or-self::saml_xpath:Assertion)</ds:XPath></ds:T
> ransform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>tPchwCyChgJIy8eW0sPT1WFd7AU=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>mFHeJlNBdduxb0vx8RNg5ct8fCH+zKdCwCdMLSJcjMY
> SAQCkr55nT
> yuqD3EPj
> mAI/2fJrOjmaPQVZyZwoq97HDWfHpZi7F7H9SFvuNznFvRyK5Z5J02kWy/xiyb
> H87Vfp6sDQ
> hTkRpy7m0RwvkxO9DHQJbbx40B/SUje1IhgxBf3WaLNYULmUTGanclUk+y9Ecn
> xQAmf9SoAh
> d9szcqveYXhBXp2QfXpRXOcuonMTe2CtNG4rBgc9Ub/azRPqNaDaMpJ0YitDuR
> 08ruJmZiZG
> iL/LsE4AbAGXDfFBVfovi9ATRjkSsUYp0DSCXhWWvas/VTVRFqLGWFnBeeVU02
> NjA==</ds:
> SignatureValue>
> </ds:Signature></Assertion></Response>
> 
> 
> 
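
Added example, not part of the original thread or of any SAML implementation: why a signed document that has been re-wrapped by a mail client may or may not still verify, depending on where the line breaks land. The sample fragment is constructed, the helper names are hypothetical, and Python's C14N 2.0 canonicalizer is assumed as a stand-in for the C14N 1.0 algorithm named in the message.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <Conditions> element of the quoted
# Response; a real digest covers the whole signed element, not a fragment.
ORIGINAL = (
    '<Conditions xmlns="urn:oasis:names:tc:SAML:1.0:assertion" '
    'NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">'
    '<AudienceRestrictionCondition><Audience>'
    'http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/'
    '</Audience></AudienceRestrictionCondition></Conditions>'
)

def c14n_digest(xml_text):
    """Base64 SHA-1 of the canonical form, shaped like a ds:DigestValue.

    Assumption: ET.canonicalize (C14N 2.0) stands in for the C14N 1.0
    algorithm named in the message. Returns None if not well-formed.
    """
    try:
        canonical = ET.canonicalize(xml_text)
    except ET.ParseError:
        return None
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode("ascii")

def classify(received, expected_digest):
    """Compare a received copy against the digest of the original."""
    digest = c14n_digest(received)
    if digest is None:
        return "not well-formed"
    return "digest ok" if digest == expected_digest else "digest mismatch"

# Three places a mail client can insert a line break (hypothetical helpers).
def break_between_attributes(xml_text):
    return xml_text.replace('" NotOnOrAfter', '"\nNotOnOrAfter', 1)

def break_inside_text(xml_text):
    return xml_text.replace("clubshib/", "clubshib/\n", 1)

def break_inside_tag_name(xml_text):
    return xml_text.replace("<AudienceRestrictionCondit", "<AudienceRestrictionCondit\n", 1)

if __name__ == "__main__":
    expected = c14n_digest(ORIGINAL)
    for damage in (break_between_attributes, break_inside_text, break_inside_tag_name):
        print(f"{damage.__name__}: {classify(damage(ORIGINAL), expected)}")
```

Only a break between attributes survives canonicalization; a break inside element content changes the digest, and a break inside a tag name leaves the document unparseable.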

