saml-dev message

Subject: Artifact Format and EndpointIndex in 2.0


In section 3.6.4 of SAML-Bind the general format of an artifact is defined as such:


The general format of any artifact includes a mandatory two-byte artifact type code and a two-byte index value identifying a specific endpoint of the artifact resolution service of the issuer, as follows:


SAML_artifact := B64(TypeCode EndpointIndex RemainingArtifact)

TypeCode := Byte1Byte2

EndpointIndex := Byte1Byte2


The notation B64(TypeCode EndpointIndex RemainingArtifact) stands for the application of the base64 [RFC2045] transformation to the catenation of the TypeCode, EndpointIndex, and RemainingArtifact.


Section 3.6.4.1 says:


SAML V2.0 defines an artifact type of type code 0x0004. This artifact type is defined as follows:


TypeCode := 0x0004

RemainingArtifact := SourceID MessageHandle

SourceID := 20-byte_sequence

MessageHandle := 20-byte_sequence


SourceID is a 20-byte sequence used by the artifact receiver to determine artifact issuer identity and the set of possible resolution endpoints.


It is assumed that the destination site will maintain a table of SourceID values as well as one or more indexed URL endpoints (or addresses) for the corresponding SAML responder. The SAML metadata specification [SAMLMeta] MAY be used for this purpose. On receiving the SAML artifact, the receiver determines if the SourceID belongs to a known artifact issuer and obtains the location of the SAML responder using the EndpointIndex before sending a SAML <samlp:ArtifactResolve> message to it.


My understanding is that a SAML2 artifact is 44 bytes in length and constructed as such:

Bytes 1 & 2 contain the type code.

Bytes 2 & 3 contain the endpoint index.

Bytes 4-24 contain the SourceID.

Bytes 25-44 contain the Message Handle.


Is this correct? If not, can someone kindly correct my misunderstanding? If it is correct, I think a few minor changes to sections 3.6.4 and 3.6.4.1 could clarify it; specifically, my confusion comes from the fact that 3.6.4.1 only makes slight mention of the EndpointIndex and leaves it out of the type definition. It seems to me that the type definition should look something more like this:


SAML_artifact := B64(TypeCode EndpointIndex SourceID MessageHandle)

TypeCode := Byte1Byte2

EndpointIndex := Byte1Byte2

SourceID := 20-byte_sequence

MessageHandle := 20-byte_sequence


Thanks in advance for any clarification,

Brian Campbell
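As an added example that is not part of the original post or of the SAML specification, the following Python encodes and strictly decodes a type 0x0004 artifact exactly as the quoted sections 3.6.4 and 3.6.4.1 lay it out (2-byte TypeCode, 2-byte EndpointIndex, 20-byte SourceID, 20-byte MessageHandle, then base64), and shows the receiver-side step of mapping SourceID to a known issuer and EndpointIndex to a resolution endpoint. The issuer entityID, endpoint URLs, SourceID table and MessageHandle are constructed placeholders, not values from the thread.

```python
import base64
import hashlib
from collections import namedtuple

TYPE_CODE_0004 = 0x0004
RAW_LEN = 2 + 2 + 20 + 20  # TypeCode, EndpointIndex, SourceID, MessageHandle = 44 bytes
Artifact = namedtuple("Artifact", "type_code endpoint_index source_id message_handle")

def build_artifact(endpoint_index, source_id, message_handle):
    """B64(TypeCode EndpointIndex SourceID MessageHandle) for type code 0x0004."""
    if len(source_id) != 20 or len(message_handle) != 20:
        raise ValueError("SourceID and MessageHandle must each be 20 bytes")
    if not 0 <= endpoint_index <= 0xFFFF:
        raise ValueError("EndpointIndex must fit in two bytes")
    raw = (TYPE_CODE_0004.to_bytes(2, "big") + endpoint_index.to_bytes(2, "big")
           + source_id + message_handle)
    return base64.b64encode(raw).decode("ascii")

def parse_artifact(artifact):
    """Decode strictly: malformed base64, wrong length or an unknown type code are
    rejected before the receiver does any SourceID/EndpointIndex lookup."""
    raw = base64.b64decode(artifact, validate=True)  # ValueError on malformed base64
    if len(raw) != RAW_LEN:
        raise ValueError(f"expected {RAW_LEN} raw bytes, got {len(raw)}")
    type_code = int.from_bytes(raw[0:2], "big")       # bytes 1-2 (1-based)
    if type_code != TYPE_CODE_0004:
        raise ValueError(f"unsupported artifact type 0x{type_code:04x}")
    return Artifact(type_code,
                    int.from_bytes(raw[2:4], "big"),  # bytes 3-4
                    raw[4:24],                        # bytes 5-24: SourceID
                    raw[24:44])                       # bytes 25-44: MessageHandle

def resolve_endpoint(artifact, registry):
    """Receiver side: SourceID -> known issuer table, then EndpointIndex -> resolver URL."""
    art = parse_artifact(artifact)
    endpoints = registry.get(art.source_id)
    if endpoints is None:
        raise LookupError("unknown SourceID: artifact is not from a known issuer")
    if art.endpoint_index not in endpoints:
        raise LookupError(f"issuer has no resolution endpoint with index {art.endpoint_index}")
    return endpoints[art.endpoint_index]

# Constructed sample data (not from the thread): SourceID is the SHA-1 of a placeholder
# entityID, MessageHandle is a fixed 20-byte value, and the URLs are placeholders.
SAMPLE_SOURCE_ID = hashlib.sha1(b"https://idp.example.org/placeholder").digest()
SAMPLE_HANDLE = bytes(range(20))
SAMPLE_REGISTRY = {SAMPLE_SOURCE_ID: {0: "https://idp.example.org/ars/0",
                                      1: "https://idp.example.org/ars/1"}}
SAMPLE_ARTIFACT = build_artifact(1, SAMPLE_SOURCE_ID, SAMPLE_HANDLE)
```

The 44 raw bytes always base64-encode to 60 characters, so a length check on the decoded bytes (not the string) is the reliable guard against truncated or padded artifacts.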


