
SAML Response with an Embedded Assertion

The actual schema for the SAML response element is published by OASIS.

Look for the document cs-sstc-schema-protocol-01.xsd.

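Below are two samples of SAML responses with an embedded assertion. Note that Sample 1 carries the assertion directly in the SOAP body, while Sample 2 wraps it in a samlp:Response element.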

Sample 1

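<!--
  Sample 1. A SOAP 1.1 envelope whose body carries a saml:Assertion directly;
  there is no samlp:Response wrapper and no ds:Signature element anywhere in
  the message. Nothing in this XML lets a consumer verify who issued it, so in
  a deployment the integrity and origin of the assertion have to come from an
  XML signature or from an authenticated transport.
-->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                    xmlns:SM="http://www.netegrity.com/SiteMinder"
                    MajorVersion="1"
                    MinorVersion="0"
                    AssertionID="111.123.1.1.1029438859437"
                    Issuer="http://www.netegrity.com/SiteMinder"
                    IssueInstant="2002-08-15T19:14:19.437Z">
      <!--
        Validity window of two minutes (19:13:49.125Z to 19:15:49.125Z),
        limited to a single audience. A consumer is expected to reject the
        assertion outside this window or when it is not the named audience.
      -->
      <saml:Conditions NotBefore="2002-08-15T19:13:49.125Z" NotOnOrAfter="2002-08-15T19:15:49.125Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>http://jsmith.netegrity.com/rd/redirect.jsp</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
      <saml:AttributeStatement>
        <saml:Subject>
          <!-- Format repeats the assertion namespace URI rather than naming a specific identifier format. -->
          <!-- The subject text stays on one line: added whitespace would become part of the value. -->
          <saml:NameIdentifier NameQualifier="www.netegrity.com" Format="urn:oasis:names:tc:SAML:1.0:assertion">uid=tking,o=netegrity.com</saml:NameIdentifier>
        </saml:Subject>
        <!-- Vendor payload in the SM namespace: session, login and profile data for the subject. -->
        <saml:Attribute AttributeName="SMContent" AttributeNamespace="http://www.netegrity.com/SiteMinder">
          <saml:AttributeValue>
            <SM:SMContent>
              <SM:SMsession>
                <!-- Looks like a Base64-encoded session identifier; presumably sensitive, confirm with the product documentation. -->
                <SM:SessionID>pZKZpWxyAUip18QlVIGBMaNeyiQ=</SM:SessionID>
                <!-- Read as Unix epoch seconds this is 2002-08-15T19:14:13Z, the same instant as AuthenticationInstant below. -->
                <SM:startTime>1029438853</SM:startTime>
                <!-- Timeout units are not stated in the sample; presumably seconds, to be confirmed. -->
                <SM:idleTimeout>3600</SM:idleTimeout>
                <SM:maxTimeout>7200</SM:maxTimeout>
                <SM:timeIn>30</SM:timeIn>
              </SM:SMsession>
              <SM:SMlogin>
                <SM:UserDN>uid=tking,o=netegrity.com</SM:UserDN>
                <SM:Username>tking</SM:Username>
              </SM:SMlogin>
              <SM:SMprofile>
                <SM:NVpair>header:name=smith</SM:NVpair>
              </SM:SMprofile>
            </SM:SMContent>
          </saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
      <!--
        AuthenticationMethod is "Unspecified": the assertion does not say how
        the user was authenticated, so a consumer cannot base a decision on
        authentication strength.
      -->
      <saml:AuthenticationStatement AuthenticationMethod="Unspecified" AuthenticationInstant="2002-08-15T19:14:13.000Z">
        <saml:Subject>
          <saml:NameIdentifier NameQualifier="www.netegrity.com" Format="urn:oasis:names:tc:SAML:1.0:assertion">uid=tking,o=netegrity.com</saml:NameIdentifier>
        </saml:Subject>
      </saml:AuthenticationStatement>
    </saml:Assertion>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>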

Sample 2

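<!--
  Sample 2. A SOAP 1.1 envelope whose body carries a samlp:Response with
  status Success and one embedded saml:Assertion. Neither the response nor the
  assertion contains a ds:Signature element, so nothing in this XML lets a
  consumer verify the issuer; in a deployment that assurance has to come from
  an XML signature or from an authenticated transport.
-->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <!--
      InResponseTo echoes the identifier of the request being answered. A
      requester should match it against a request it actually sent and discard
      a response that matches none.
    -->
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                    MajorVersion="1"
                    MinorVersion="0"
                    ResponseID="112.123.1.123.1028670653171"
                    InResponseTo="112.123.1.123.1028670652906"
                    IssueInstant="2002-08-06T21:50:53.171Z">
      <samlp:Status>
        <!-- The Value is a QName, so it depends on the samlp prefix declared on the Response element. -->
        <samlp:StatusCode Value="samlp:Success"/>
      </samlp:Status>
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                      MajorVersion="1"
                      MinorVersion="0"
                      AssertionID="112.123.1.123.1028670646671"
                      Issuer="http://www.netegrity.com/AffMinder"
                      IssueInstant="2002-08-06T21:50:46.671Z">
        <!--
          Validity window of eleven minutes (21:50:15.703Z to 22:01:15.703Z),
          limited to a single audience. A consumer is expected to reject the
          assertion outside this window or when it is not the named audience.
        -->
        <saml:Conditions NotBefore="2002-08-06T21:50:15.703Z" NotOnOrAfter="2002-08-06T22:01:15.703Z">
          <saml:AudienceRestrictionCondition>
            <saml:Audience>http://jsmith.netegrity.com</saml:Audience>
          </saml:AudienceRestrictionCondition>
        </saml:Conditions>
        <saml:AttributeStatement>
          <saml:Subject>
            <!-- Format repeats the assertion namespace URI rather than naming a specific identifier format. -->
            <!-- The subject text stays on one line: added whitespace would become part of the value. -->
            <saml:NameIdentifier NameQualifier="www.netegrity.com" Format="urn:oasis:names:tc:SAML:1.0:assertion">uid=user1,ou=people,o=security.com</saml:NameIdentifier>
          </saml:Subject>
          <saml:Attribute AttributeName="SMContent" AttributeNamespace="http://www.netegrity.com/affiliateMinder">
            <saml:AttributeValue>
              <!--
                The sample as published uses the AM prefix without declaring
                it, which a namespace-aware parser rejects. It is bound here
                to the AttributeNamespace value, by analogy with the SM prefix
                in Sample 1; confirm the URI against the product schema.
              -->
              <AM:SMContent xmlns:AM="http://www.netegrity.com/affiliateMinder">
                <AM:SMsession>
                  <!-- Looks like a Base64-encoded session identifier; presumably sensitive, confirm with the product documentation. -->
                  <AM:SessionID>CccR0ImEOuU1XoJ8DwHAwlYI4QM=</AM:SessionID>
                  <!-- Read as Unix epoch seconds this is 2002-08-06T21:50:40Z, the same instant as AuthenticationInstant below. -->
                  <AM:startTime>1028670640</AM:startTime>
                  <!-- Timeout units are not stated in the sample; presumably seconds, to be confirmed. -->
                  <AM:idleTimeout>3600</AM:idleTimeout>
                  <AM:maxTimeout>7200</AM:maxTimeout>
                  <AM:timeIn>30</AM:timeIn>
                </AM:SMsession>
                <AM:SMlogin>
                  <AM:UserDN>uid=user1,ou=people,o=security.com</AM:UserDN>
                  <AM:Username>user1</AM:Username>
                </AM:SMlogin>
                <AM:SMprofile>
                  <AM:NVpair>header:AffID=affiliateA0001</AM:NVpair>
                </AM:SMprofile>
              </AM:SMContent>
            </saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
        <!--
          AuthenticationMethod is "Unspecified": the assertion does not say how
          the user was authenticated, so a consumer cannot base a decision on
          authentication strength.
        -->
        <saml:AuthenticationStatement AuthenticationMethod="Unspecified" AuthenticationInstant="2002-08-06T21:50:40.000Z">
          <saml:Subject>
            <saml:NameIdentifier NameQualifier="www.netegrity.com" Format="urn:oasis:names:tc:SAML:1.0:assertion">uid=user1,ou=people,o=security.com</saml:NameIdentifier>
          </saml:Subject>
        </saml:AuthenticationStatement>
      </saml:Assertion>
    </samlp:Response>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>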