Subject: RE: [saml-dev] Valid SAML documents based on current schemas
> I've been trying to create a valid SAML Authentication
> Assertion Request/Response based on the assertion-31 and
> protocol-31 schemas to be included as part of a SOAP
> message. I am using XML Spy 4.3 to create the XML document
> and validate it against the protocol-31 schema without much
> luck. Can someone post samples that I can use as a starting point?

Here's a valid Response containing an authn statement. It's signed as
well, which is why it's a bit ugly and all run together (canonical form).
An editor should be able to pretty it up.

-- Scott

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0"
Recipient="https://shire.target.com"
ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC"><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
</ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath
xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol">count(ancestor-or-self::samlp_xpath:Response | here()/ancestor::samlp_xpath:Response[1]) = count(ancestor-or-self::samlp_xpath:Response)</ds:XPath></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>vTCIfdl8s7EqcjtCSVPrvKGxNZ8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>lAPMBY4RfUtKo6c2gCKXNm/gWDuX6IzyvKBmsG6BGjXab0Ov0CCg3
9tdFGTcX
78u3xmECD2KwHPN6XoaN87ASzr1DqJYlI9eFFdxQtce9spWqxmmXIBxkkl+AwpvvtoyLSSf+
05VkkNsyEQ80h/Dd+S6nF45EdRn4mIKhaRLQWn+PYCyMsD9E77XQbGV2IGfCnwhBVlYFzzsu
Xan1uKpvDn77GyH8upA9AzCHLIPfCNZbs1ucetl5VxY0BDp9eI94BS7DIEvgJ6W0P98gQVGw
iCEvdzygomV/7umoCi/ypGc+tvYoSnQUN/S23W0j3iavVXVihPBvhTNzhOZDK9sdA==</ds:SignatureValue>
</ds:Signature><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC"
IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu"
MajorVersion="1" MinorVersion="0"><Conditions
NotBefore="2002-04-18T16:56:54Z"
NotOnOrAfter="2002-04-18T17:01:54Z"><AudienceRestrictionCondition><Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement
AuthenticationInstant="2002-04-18T16:56:53Z"
AuthenticationMethod="urn:mace:shibboleth:authmethod"><Subject><NameIdentifier
Format="urn:mace:shibboleth:1.0:handle"
NameQualifier="osu.edu">foo</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality
IPAddress="127.0.0.1"></SubjectLocality><AuthorityBinding
AuthorityKind="samlp:AttributeQuery"
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://aa.osu.edu/"></AuthorityBinding></AuthenticationStatement><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
</ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath
xmlns:saml_xpath="urn:oasis:names:tc:SAML:1.0:assertion">count(ancestor-or-self::saml_xpath:Assertion | here()/ancestor::saml_xpath:Assertion[1]) = count(ancestor-or-self::saml_xpath:Assertion)</ds:XPath></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>tPchwCyChgJIy8eW0sPT1WFd7AU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>mFHeJlNBdduxb0vx8RNg5ct8fCH+zKdCwCdMLSJcjMYSAQCkr55nT
yuqD3EPj
mAI/2fJrOjmaPQVZyZwoq97HDWfHpZi7F7H9SFvuNznFvRyK5Z5J02kWy/xiybH87Vfp6sDQ
hTkRpy7m0RwvkxO9DHQJbbx40B/SUje1IhgxBf3WaLNYULmUTGanclUk+y9EcnxQAmf9SoAh
d9szcqveYXhBXp2QfXpRXOcuonMTe2CtNG4rBgc9Ub/azRPqNaDaMpJ0YitDuR08ruJmZiZG
iL/LsE4AbAGXDfFBVfovi9ATRjkSsUYp0DSCXhWWvas/VTVRFqLGWFnBeeVU02NjA==</ds:SignatureValue>
</ds:Signature></Assertion></Response>
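
The point about the signed sample being left run together, as an added example that is not part of the original message: a ds:Reference digest is computed over the canonical form, which normalizes attribute order, quoting and empty-element syntax but keeps whitespace between elements, so pretty-printing a signed assertion changes the digest a verifier computes. The assertion below is constructed, the function names are hypothetical, and Python's standard-library Canonical XML 2.0 is used as a stand-in for the C14N 1.0 algorithm named in the sample.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample (not the signed message above): a cut-down SAML 1.0
# assertion written run-together, the way a signer emits it.
COMPACT = (
    '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" '
    'AssertionID="example-id" Issuer="idp.example.org" '
    'MajorVersion="1" MinorVersion="0">'
    '<AuthenticationStatement AuthenticationMethod="urn:example:method">'
    '<Subject><NameIdentifier>foo</NameIdentifier></Subject>'
    '<SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>'
    '</AuthenticationStatement></Assertion>'
)

# Same infoset, different serialization: attribute order, quote style and
# the empty-element form are all normalized away by canonicalization.
RESERIALIZED = (
    "<Assertion MinorVersion='0' MajorVersion='1' "
    "Issuer='idp.example.org' AssertionID='example-id' "
    "xmlns='urn:oasis:names:tc:SAML:1.0:assertion'>"
    "<AuthenticationStatement AuthenticationMethod='urn:example:method'>"
    "<Subject><NameIdentifier>foo</NameIdentifier></Subject>"
    "<SubjectLocality IPAddress='127.0.0.1'/>"
    "</AuthenticationStatement></Assertion>"
)

def c14n_digest(xml_text: str) -> str:
    """Base64 SHA-1 of the canonical form, the shape of a ds:DigestValue."""
    # Assumption: the stdlib implements Canonical XML 2.0, used here as a
    # stand-in for the C14N 1.0 algorithm named in the message.
    canonical = ET.canonicalize(xml_text)
    digest = hashlib.sha1(canonical.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def pretty_print(xml_text: str) -> str:
    """Crude editor-style reflow: put every element on its own line."""
    return xml_text.replace("><", ">\n<")

def digest_survives(original: str, candidate: str) -> bool:
    """True if a verifier would compute the same digest for both texts."""
    return c14n_digest(original) == c14n_digest(candidate)

if __name__ == "__main__":
    print("reserialized:", digest_survives(COMPACT, RESERIALIZED))
    print("pretty-printed:", digest_survives(COMPACT, pretty_print(COMPACT)))
```

Reformat a copy for reading and keep the bytes as received for signature verification.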