Example
Example of an IdP metadata file
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="http://aquatest-ldap/simplesaml/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="http://aquatest-ldap/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="http://aquatest-ldap/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>SAML - Administrator</md:GivenName>
    <md:EmailAddress>admin@andagon.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
Example of an (unencrypted) successful SAML login message sent to a particular ServiceProvider
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_145fa2ed11c809e3d875e084762766d2707e0cd904"
                Version="2.0"
                IssueInstant="2017-10-19T12:22:05Z"
                Destination="http://localhost:54537/web/Account/saml2-acs"
                InResponseTo="_aab202fa-0a16-4bbe-8187-4ac5b964f482">
  <saml:Issuer>http://aquatest-ldap/simplesaml/saml2/idp/metadata.php</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_145fa2ed11c809e3d875e084762766d2707e0cd904">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>PCIJShVbyCbsDyVoiWY9n4RhzJQ=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>Du7NAQRM...</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xmlns:xs="http://www.w3.org/2001/XMLSchema"
                  ID="_45c90d736954f45820eb5f64c0237cdeed86a93638"
                  Version="2.0"
                  IssueInstant="2017-10-19T12:22:05Z">
    <saml:Issuer>http://aquatest-ldap/simplesaml/saml2/idp/metadata.php</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#_45c90d736954f45820eb5f64c0237cdeed86a93638">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>szptwk+Kmj8ArvvwhT8Er5gCjtY=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>SrsL9brTp...</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID SPNameQualifier="aqua-saml-sp-localdev"
                   Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_48e0734664b4b39dc73f41475463171f1f1eda91c3</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2017-10-19T12:27:05Z"
                                      Recipient="http://localhost:54537/web/Account/saml2-acs"
                                      InResponseTo="_aab202fa-0a16-4bbe-8187-4ac5b964f482"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2017-10-19T12:21:35Z" NotOnOrAfter="2017-10-19T12:27:05Z">
      <saml:AudienceRestriction>
        <saml:Audience>aqua-saml-sp-localdev</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2017-10-19T11:50:24Z"
                         SessionNotOnOrAfter="2017-10-19T19:50:24Z"
                         SessionIndex="_600b3c036eb001ab8c7b0f75c46bbf8be5c0f61d5e">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">andreas</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="gidNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">43532</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="homeDirectory" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">/home/users/mueller</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">Mueller</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="objectClass" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">inetOrgPerson</saml:AttributeValue>
        <saml:AttributeValue xsi:type="xs:string">posixAccount</saml:AttributeValue>
        <saml:AttributeValue xsi:type="xs:string">top</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="userPassword" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">{MD5}jUwUUCmFoBHCN9n1gAY2rQ==</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="uidNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">1001</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">bmueller</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">bmueller</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
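As an added example that is not part of the original page, the following Python script shows the checks a ServiceProvider must make on the response above once the XML signature has been verified (that step needs an xmlsec library and is assumed to have passed): Destination and Recipient, InResponseTo, Issuer and signing certificate against the IdP metadata, the validity window and the Audience. It also flags the userPassword hash that the IdP above releases in its AttributeStatement, which a ServiceProvider never needs. The XML it parses is a constructed, trimmed-down copy of the two documents on this page; the function and message texts are this example's own.

```python
# Added example, not from the original page: SP-side checks on a SAML Response that go
# beyond the XML signature itself (signature verification needs an xmlsec library and is
# assumed to have passed). The XML is a constructed, trimmed copy of the page's documents.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
IDP_METADATA = f"""<md:EntityDescriptor {XMLNS} entityID="http://aquatest-ldap/simplesaml/saml2/idp/metadata.php">
<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
<ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
RESPONSE = f"""<samlp:Response {XMLNS} Destination="http://localhost:54537/web/Account/saml2-acs"
InResponseTo="_aab202fa-0a16-4bbe-8187-4ac5b964f482"><samlp:Status><samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion>
<saml:Issuer>http://aquatest-ldap/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate></ds:X509Data>
</ds:KeyInfo></ds:Signature><saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2017-10-19T12:27:05Z" InResponseTo="_aab202fa-0a16-4bbe-8187-4ac5b964f482"
Recipient="http://localhost:54537/web/Account/saml2-acs"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions NotBefore="2017-10-19T12:21:35Z" NotOnOrAfter="2017-10-19T12:27:05Z"><saml:AudienceRestriction>
<saml:Audience>aqua-saml-sp-localdev</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="uid"><saml:AttributeValue>bmueller</saml:AttributeValue>
</saml:Attribute><saml:Attribute Name="userPassword"><saml:AttributeValue>{{MD5}}...</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""
def ts(s):  # SAML timestamps are UTC, ISO 8601 with a trailing Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
def check_response(resp_xml, md_xml, acs_url, sp_id, request_id, now):
    """Return the failed checks; an empty list means the response may be accepted."""
    r, md = ET.fromstring(resp_xml), ET.fromstring(md_xml)
    a = r.find("saml:Assertion", NS)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    cond = a.find("saml:Conditions", NS)
    cert = lambda e: e.find(".//ds:X509Certificate", NS).text.strip()  # cert carried in a KeyInfo
    checks = [  # (condition that must hold, message if it does not)
        (r.find("samlp:Status/samlp:StatusCode", NS).get("Value") == "urn:oasis:names:tc:SAML:2.0:status:Success",
         "status is not Success"),
        (r.get("Destination") == acs_url == scd.get("Recipient"), "Destination/Recipient is not our ACS URL"),
        (r.get("InResponseTo") == request_id == scd.get("InResponseTo"), "InResponseTo does not match our AuthnRequest"),
        (a.findtext("saml:Issuer", "", NS).strip() == md.get("entityID"), "Issuer is not the IdP from our metadata"),
        # never trust the KeyInfo in the message: the cert must be the one pinned in metadata
        (cert(a.find("ds:Signature", NS)) == cert(md.find(".//md:KeyDescriptor[@use='signing']", NS)),
         "signing certificate is not the one pinned in IdP metadata"),
        (ts(cond.get("NotBefore")) <= now < min(ts(cond.get("NotOnOrAfter")), ts(scd.get("NotOnOrAfter"))),
         "assertion is outside its validity window"),
        (sp_id in [x.text.strip() for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)],
         "we are not in the Audience"),
        (a.find("saml:AttributeStatement/saml:Attribute[@Name='userPassword']", NS) is None,
         "IdP releases userPassword: restrict attribute release at the IdP"),
    ]
    return [msg for ok, msg in checks if not ok]
```

With the page's own values and a clock inside the five-minute window, the only finding is the released userPassword attribute; changing the audience, the ACS URL, the request ID, the certificate or the clock each adds a failure.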