Beispiel

Beispiel einer IdP-Metadaten-Datei

<?xml version="1.0"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="
http://www.w3.org/2000/09/xmldsig#"
 entityID="http://aquatest-ldap/simplesaml/saml2/idp/metadata.php">  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">    <md:KeyDescriptor use="signing">      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">        <ds:X509Data>          <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>        </ds:X509Data>      </ds:KeyInfo>    </md:KeyDescriptor>    <md:KeyDescriptor use="encryption">      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">        <ds:X509Data>          <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>        </ds:X509Data>      </ds:KeyInfo>    </md:KeyDescriptor>    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://aquatest-ldap/simplesaml/saml2/idp/SingleLogoutService.php"/>    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://aquatest-ldap/simplesaml/saml2/idp/SSOService.php"/>  </md:IDPSSODescriptor>  <md:ContactPerson contactType="technical">    <md:GivenName>SAML - Administrator</md:GivenName>    <md:EmailAddress>
admin@andagon.com
</md:EmailAddress>  </md:ContactPerson></md:EntityDescriptor>

Beispiel für eine (unverschlüsselte) erfolgreiche Login-Nachricht von SAML an einen bestimmten ServiceProvider

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_145fa2ed11c809e3d875e084762766d2707e0cd904" Version="2.0" IssueInstant="2017-10-19T12:22:05Z" Destination="
http://localhost:54537/web/Account/saml2-acs"
 InResponseTo="_aab202fa-0a16-4bbe-8187-4ac5b964f482">     <saml:Issuer>http://aquatest-ldap/simplesaml/saml2/idp/metadata.php</saml:Issuer>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">          <ds:SignedInfo>               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>               <ds:Reference URI="#_145fa2ed11c809e3d875e084762766d2707e0cd904">                    <ds:Transforms>                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>                    </ds:Transforms>                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>                    <ds:DigestValue>PCIJShVbyCbsDyVoiWY9n4RhzJQ=</ds:DigestValue>               </ds:Reference>          </ds:SignedInfo>          <ds:SignatureValue>Du7NAQRM...</ds:SignatureValue>          <ds:KeyInfo>               <ds:X509Data>                    <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>               </ds:X509Data>          </ds:KeyInfo>     </ds:Signature>     <samlp:Status>          <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>     </samlp:Status>     <saml:Assertion xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
 xmlns:xs="
http://www.w3.org/2001/XMLSchema"
 ID="_45c90d736954f45820eb5f64c0237cdeed86a93638" Version="2.0" IssueInstant="2017-10-19T12:22:05Z">          <saml:Issuer>http://aquatest-ldap/simplesaml/saml2/idp/metadata.php</saml:Issuer>          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">               <ds:SignedInfo>                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>                    <ds:Reference URI="#_45c90d736954f45820eb5f64c0237cdeed86a93638">                         <ds:Transforms>                              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>                              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>                         </ds:Transforms>                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>                         <ds:DigestValue>szptwk+Kmj8ArvvwhT8Er5gCjtY=</ds:DigestValue>                    </ds:Reference>               </ds:SignedInfo>               <ds:SignatureValue>SrsL9brTp...</ds:SignatureValue>               <ds:KeyInfo>                    <ds:X509Data>                         <ds:X509Certificate>MIIDyTCCArG...</ds:X509Certificate>                    </ds:X509Data>               </ds:KeyInfo>          </ds:Signature>          <saml:Subject>               <saml:NameID SPNameQualifier="aqua-saml-sp-localdev" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_48e0734664b4b39dc73f41475463171f1f1eda91c3</saml:NameID>               <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">                    <saml:SubjectConfirmationData NotOnOrAfter="2017-10-19T12:27:05Z" Recipient="
http://localhost:54537/web/Account/saml2-acs"
 InResponseTo="_aab202fa-0a16-4bbe-8187-4ac5b964f482"/>               </saml:SubjectConfirmation>          </saml:Subject>          <saml:Conditions NotBefore="2017-10-19T12:21:35Z" NotOnOrAfter="2017-10-19T12:27:05Z">               <saml:AudienceRestriction>                    <saml:Audience>aqua-saml-sp-localdev</saml:Audience>               </saml:AudienceRestriction>          </saml:Conditions>          <saml:AuthnStatement AuthnInstant="2017-10-19T11:50:24Z" SessionNotOnOrAfter="2017-10-19T19:50:24Z" SessionIndex="_600b3c036eb001ab8c7b0f75c46bbf8be5c0f61d5e">               <saml:AuthnContext>                    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>               </saml:AuthnContext>          </saml:AuthnStatement>          <saml:AttributeStatement>               <saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">andreas</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="gidNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">43532</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="homeDirectory" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">/home/users/mueller</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">Mueller</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="objectClass" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">inetOrgPerson</saml:AttributeValue>                    <saml:AttributeValue xsi:type="xs:string">posixAccount</saml:AttributeValue>                    <saml:AttributeValue xsi:type="xs:string">top</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="userPassword" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">{MD5}jUwUUCmFoBHCN9n1gAY2rQ==</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="uidNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">1001</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">bmueller</saml:AttributeValue>               </saml:Attribute>               <saml:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                    <saml:AttributeValue xsi:type="xs:string">bmueller</saml:AttributeValue>               </saml:Attribute>          </saml:AttributeStatement>     </saml:Assertion></samlp:Response>

PreviousInstallation NextAutomatisierung

Last updated 8 months ago

Was this helpful?