...
Code Block | ||||
---|---|---|---|---|
| ||||
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:sbf="urn:liberty:sb" xmlns:sb="urn:liberty:sb:2006-08">
<!-- ID-WSF defined headers -->
<sbf:Framework version="2.0"/>
<sb:Sender providerID="https://idp.example.edu/idp/shibboleth"/>
<!-- WS-Addressing headers with routing information -->
<wsa:MessageID>uuid:071BCD36-FE77-470D-9AA9-9B5628D0873A</wsa:MessageID>
<wsa:RelatesTo>uuid:efefefef-aaaa-ffff-cccc-eeeeffffcccc</wsa:RelatesTo>
<wsa:Action>urn:liberty:ssos:2006-08:Response</wsa:Action>
<!-- WS-Security header with timestamp -->
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2008-03-14T17:25:30Z</wsu:Created>
</wsu:Timestamp>
</wsse:Security>
</S:Header>
<S:Body>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_e71fa15519729e9e3adea5d02b2e38af"
InResponseTo="_a02c7e89e77e4871b84349a9db338374" IssueInstant="2008-03-14T17:25:30Z" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.edu/idp/shibboleth</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
ID="_682C46C8-198A-436C-9E0F-DBBC155DE415" IssueInstant="2008-03-14T17:25:30Z">
<saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
<ds:Signature>...</ds:Signature> <!-- signature elided -->
<saml:Subject>
<!-- the identifier is scoped between the IdP and the Portlet -->
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
E8042FB4-4D5B-48C3-8E14-8EDD852790FF
</saml:NameID>
<!-- the first confirmation is for the portal -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://portal.example.edu/shibboleth
</saml:NameID>
<saml:SubjectConfirmationData NotOnOrAfter="2008-03-14T17:30:30Z"
Recipient="http://www.w3.org/2005/08/addressing/role/anonymous"/>
</saml:SubjectConfirmation>
<!-- the second confirmation is for the portlet back to the IdP -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://portal.example.edu/portlet1/shibboleth
</saml:NameID>
<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType"
xmlns:shib="urn:mace:shibboleth:2.0"
shib:TransitedProvider="https://portal.example.edu/shibboleth">
<ds:KeyInfo>...<ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<!-- the conditions apply to all uses, and the assertion is scoped to the Portlet and IdP -->
<saml:Conditions NotBefore="2008-03-14T17:25:30Z" NotOnOrAfter="2008-03-14T18:25:30Z">
<saml:AudienceRestriction>
<saml:Audience>https://portal.example.edu/portlet1/shibboleth</saml:Audience>
<saml:Audience>https://idp.example.edu/idp/shibboleth</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2008-03-14T17:21:24.781Z" SessionIndex="_682C46C8-198A-436C-9E0F-DBBC155DE414">
<saml:SubjectLocality Address="192.168.1.1"/>
<saml:AuthnContext>
<saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
<saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
...
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
</S:Body>
</S:Envelope>
|
...