
saml-dev message



Subject: RE: [saml-dev] Valid SAML documents based on current schemas


> I've been trying to create a valid SAML Authentication 
> Assertion Request/Response based on the assertion-31 and 
> protocol-31 schemas to be included as part of a SOAP 
> message. I am using XML Spy 4.3 to create the XML document 
> and validate it against the protocol-31 schema without much 
> luck.  Can someone post samples that I can use as a starting point?

Here's a valid Response containing an authn statement. It's signed as
well, which is why it's a bit ugly and all run together (canonical
form). An editor should be able to pretty it up.

-- Scott

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0"
Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC"><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
</ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath
xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol">count(ancestor-or-self::samlp_xpath:Response |
here()/ancestor::samlp_xpath:Response[1]) =
count(ancestor-or-self::samlp_xpath:Response)</ds:XPath></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>vTCIfdl8s7EqcjtCSVPrvKGxNZ8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>lAPMBY4RfUtKo6c2gCKXNm/gWDuX6IzyvKBmsG6BGjXab0Ov0CCg3
9tdFGTcX
78u3xmECD2KwHPN6XoaN87ASzr1DqJYlI9eFFdxQtce9spWqxmmXIBxkkl+AwpvvtoyLSSf+
05VkkNsyEQ80h/Dd+S6nF45EdRn4mIKhaRLQWn+PYCyMsD9E77XQbGV2IGfCnwhBVlYFzzsu
Xan1uKpvDn77GyH8upA9AzCHLIPfCNZbs1ucetl5VxY0BDp9eI94BS7DIEvgJ6W0P98gQVGw
iCEvdzygomV/7umoCi/ypGc+tvYoSnQUN/S23W0j3iavVXVihPBvhTNzhOZDK9sdA==</ds:SignatureValue>
</ds:Signature><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC"
IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1"
MinorVersion="0"><Conditions NotBefore="2002-04-18T16:56:54Z"
NotOnOrAfter="2002-04-18T17:01:54Z"><AudienceRestrictionCondition><Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement
AuthenticationInstant="2002-04-18T16:56:53Z"
AuthenticationMethod="urn:mace:shibboleth:authmethod"><Subject><NameIdentifier
Format="urn:mace:shibboleth:1.0:handle"
NameQualifier="osu.edu">foo</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality
IPAddress="127.0.0.1"></SubjectLocality><AuthorityBinding
AuthorityKind="samlp:AttributeQuery"
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://aa.osu.edu/"></AuthorityBinding></AuthenticationStatement><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
</ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath
xmlns:saml_xpath="urn:oasis:names:tc:SAML:1.0:assertion">count(ancestor-or-self::saml_xpath:Assertion |
here()/ancestor::saml_xpath:Assertion[1]) =
count(ancestor-or-self::saml_xpath:Assertion)</ds:XPath></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>tPchwCyChgJIy8eW0sPT1WFd7AU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>mFHeJlNBdduxb0vx8RNg5ct8fCH+zKdCwCdMLSJcjMYSAQCkr55nT
yuqD3EPj
mAI/2fJrOjmaPQVZyZwoq97HDWfHpZi7F7H9SFvuNznFvRyK5Z5J02kWy/xiybH87Vfp6sDQ
hTkRpy7m0RwvkxO9DHQJbbx40B/SUje1IhgxBf3WaLNYULmUTGanclUk+y9EcnxQAmf9SoAh
d9szcqveYXhBXp2QfXpRXOcuonMTe2CtNG4rBgc9Ub/azRPqNaDaMpJ0YitDuR08ruJmZiZG
iL/LsE4AbAGXDfFBVfovi9ATRjkSsUYp0DSCXhWWvas/VTVRFqLGWFnBeeVU02NjA==</ds:SignatureValue>
</ds:Signature></Assertion></Response>
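
Added example, not part of the original post: the checks a relying party would run on a Response shaped like the one above in addition to verifying the XML signatures (Recipient, status, validity window, audience, and use of SHA-1). The names `check_response` and `ts`, the constructed `SAMPLE` document and its example.org values are assumptions; signature verification itself is left to an XML-DSig library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"p": "urn:oasis:names:tc:SAML:1.0:protocol", "a": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like the posted Response; signature reduced to its algorithm stub.
SAMPLE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
 xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="0"
 Recipient="https://sp.example.org" ResponseID="r1" IssueInstant="2002-04-18T16:56:54Z">
<Status><StatusCode Value="samlp:Success"/></Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="a1"
 Issuer="idp.example.org" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0">
<Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">
<AudienceRestrictionCondition><Audience>urn:example:sp</Audience></AudienceRestrictionCondition>
</Conditions>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
</ds:SignedInfo></ds:Signature>
</Assertion></Response>"""

def ts(value):
    """Parse a SAML UTC timestamp such as 2002-04-18T16:56:54Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, now, audience, recipient):
    """Return a list of findings; an empty list means these non-cryptographic checks passed."""
    root, findings = ET.fromstring(xml_text), []
    if root.get("Recipient") != recipient:
        findings.append("recipient mismatch")
    code = root.find("p:Status/p:StatusCode", NS)
    # StatusCode Value is a QName; only its local part is compared here.
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        findings.append("status not Success")
    assertions = root.findall("a:Assertion", NS)
    if not assertions:
        findings.append("no assertion")
    for a in assertions:
        cond = a.find("a:Conditions", NS)
        attrs = cond.attrib if cond is not None else {}
        nb, na = attrs.get("NotBefore"), attrs.get("NotOnOrAfter")
        if not (nb and na and ts(nb) <= now < ts(na)):  # bearer assertion: require a window
            findings.append("outside validity window")
        # Every AudienceRestrictionCondition must name us in at least one Audience.
        for arc in a.findall("a:Conditions/a:AudienceRestrictionCondition", NS):
            if audience not in [e.text for e in arc.findall("a:Audience", NS)]:
                findings.append("audience mismatch")
    for m in root.iter("{%s}SignatureMethod" % NS["ds"]):
        if m.get("Algorithm", "").endswith("sha1"):
            findings.append("SHA-1 signature algorithm")
    return findings
```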


