Authentication

SAML 2.0 Response Example


The following example is the response from an authentication performed with Danish NemID.

<!--
  Example SAML 2.0 Response carrying one unencrypted bearer Assertion.
  The Issuer is a QA metadata URL, so the identity values below are presumably test data (confirm before reuse).
  Destination is a plain http:// URL on port 3000: unless the receiving endpoint is served over TLS, the
  response and the bearer assertion inside it cross the network in clear text.
  A receiver should compare Destination with its own endpoint URL and InResponseTo with the ID of the
  AuthnRequest it actually sent.
-->
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" Destination="http://toolbox.signicat.com:3000/assert" ID="ID2597tkwpe0nug5f8z9ohh1zrd1s6zzk8jnwo077wd8kjw902qr" InResponseTo="_8a11b69b729159c671be8e54cb9b823433601007d5" IssueInstant="2015-08-28T06:53:58.221Z" Version="2.0">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        https://qa.signicat.com/gateway/signicat/saml2/metadata
    </saml2:Issuer>
    <!--
      Enveloped XML signature. Its single Reference URI equals the Response ID above, so the signed element
      is the whole Response, including the Assertion nested in it; the Assertion has no ds:Signature of its own.
      A verifier should consume only the Assertion found inside the element that the Reference resolved to,
      which is the usual guard against signature wrapping.
    -->
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <!-- Exclusive canonicalization, the variant that drops comments. -->
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <!-- SignedInfo itself is signed with RSA over SHA-256. -->
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
            <ds:Reference URI="#ID2597tkwpe0nug5f8z9ohh1zrd1s6zzk8jnwo077wd8kjw902qr">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                    <!--
                      PrefixList="xs" keeps the xs namespace declaration in the canonical form. In this document
                      the prefix is used only inside xsi:type attribute values (xs:string), which exclusive
                      canonicalization does not count as a visible use of the prefix.
                    -->
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"></ec:InclusiveNamespaces>
                    </ds:Transform>
                </ds:Transforms>
                <!--
                  The reference digest is SHA-1 although SignedInfo is signed with RSA and SHA-256, so the
                  integrity of the signed content rests on SHA-1. SHA-1 is deprecated for signature use; a
                  receiver may want to require a SHA-256 digest where the identity provider can produce one.
                -->
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>dw+AB9RXfgEg7ZHNgFCRCESpLWY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
            oQ8aITfI6FwdTZXW9g6r8cP1zzquPk13FwlkfI9CHEoQSjmK/gSJxz6jBj/FfWesSn9iBsB/7hSz
            PHpsfEd4lEp6iUi7vMXe5a7SO3hsRVduh3CG1iX0WzPgiRpVw6iYMUHLOiTJX5jL7ouW601Wrhv3
            AZgWzqBRSZ8aUSDQxkAlFIklnW3oOKLRuUpaRjRfySmBjZu3c9LktUM8H8YKGsx5U4oyowk6rBW0
            wv7zE0UONGaDMKrgn1UucuFfo19+d7ipP7RPR7ojwugzasFt5hWSNvOLoQfj/rmGkUrKtJD53n8s
            abgq4GADzB+Ox7kUlU5eiNkw3JIkE3wge82EGg==
        </ds:SignatureValue>
        <!--
          The signing certificate travels inside the message. A receiver should verify the signature with the
          certificate it already trusts from the identity provider's metadata and treat this KeyInfo as a hint
          only; a key taken from the message proves nothing about who signed it.
          NOTE(review): the DER appears to decode to subject CN beta.signicat.com/std with validity
          2015-05-12 to 2017-09-23; confirm by decoding before relying on it.
        -->
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>
                    MIIDuzCCAqOgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML
                    U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xNTA1
                    MTIxMjU2NDZaFw0xNzA5MjMxMjU2NDZaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkx
                    EjAQBgNVBAcMCVRyb25kaGVpbTERMA8GA1UECgwIU2lnbmljYXQxETAPBgNVBAsMCFNpZ25pY2F0
                    MR4wHAYDVQQDDBViZXRhLnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
                    ggEKAoIBAQC/qGp77ITFy8aEbaYPUcC3QbN6/vPzZIs884W+YNLn/kzqw9FKdIGOxmbRAWVzzJH8
                    rQLAYi1bokBpHQ6WRWEf8H51uvWec0rrmYzEOZbW/41wAuAgErDD6UNDH5/2QGnS7NG2kxVqUxW/
                    Vi7yJ5ggaGi8CqZVl2mov7C7ZO/7r+hJSNhz78v4+keCVWSZD3uuuJhivf6mQfeJQTRDal6+Zz9o
                    aOjwWqbMvH8OSDZKFxMRv4fLnXKvrxK8mdUhXT58QwH6XuovUb0TGHwOc++RlaiQ7nz4uIgEj1Ln
                    DXlMsFoeO+4KB6mNMnKvCya7PPseE99BMH5KPhU2oPAxPj1fAgMBAAGjfzB9MAkGA1UdEwQCMAAw
                    CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
                    FgQUMPWij9jAi5QLQHuaJXNcN1ONJ2AwHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw
                    DQYJKoZIhvcNAQELBQADggEBADnyy8VjSOXmfbbbOwfFZu4gDfYReYxFKBsCSsSjEAJXSccpNc68
                    jq31+OifcdaDte1v9v4ILz2BK6VJPSNjX2pG2HFxC9RgBrGSQ0hUfL6yQCsMvSQw/ogeweLj8ce9
                    wcHa0Pntok1EPpPmKcGTmP94KjAlCM6p849+1B0OjA/Muqi6TNa5MzoDX9H96VrK7BB/Yjpqk6HQ
                    3be7+JoKAc+tjVEOxzivEvRDbGMDn0pNwLVIl4OB7QquMEvfRxxgQl/sBnsk99OTHgd5uI6A/nlm
                    SRqm9WZyzUwNMuHcOaHLosgc2x1iCQmfKIYVxPuBsXZTgo/Nw2d+KECDNI5IKt8=
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <!-- Top-level status of the request; only a Success status should lead to the Assertion being processed. -->
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
    </saml2p:Status>
    <!--
      The Assertion is not wrapped in an EncryptedAssertion, so the subject and attributes below are readable
      by anything that relays or logs the message.
    -->
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID62nswqka2ta637x44wbs5n2k6wcpvtcty9rx6rwo6r4q4capsa" IssueInstant="2015-08-28T06:53:59.908Z" Version="2.0">
        <saml2:Issuer>
            https://qa.signicat.com/gateway/signicat/saml2/metadata
        </saml2:Issuer>
        <!--
          NameID uses the unspecified format with NameQualifier NEMID; the same value appears again as the
          signicat.unique-id attribute.
          The confirmation method is bearer: whoever presents the assertion is accepted as the subject. The
          InResponseTo, Recipient and NotOnOrAfter values on SubjectConfirmationData are what tie it to one
          request, one endpoint and a short time window, so a receiver should check all three and remember the
          Assertion ID until NotOnOrAfter to refuse replays.
        -->
        <saml2:Subject>
            <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="NEMID">9208-2002-2-508510535239</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData InResponseTo="_8a11b69b729159c671be8e54cb9b823433601007d5" NotOnOrAfter="2015-08-28T06:54:29.908Z" Recipient="http://toolbox.signicat.com:3000/assert"></saml2:SubjectConfirmationData>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <!--
          Validity ends 30 seconds after the Assertion IssueInstant; no NotBefore is given.
          The Audience value must equal the receiver's own entity ID, otherwise the assertion was issued for
          a different service and should be rejected.
        -->
        <saml2:Conditions NotOnOrAfter="2015-08-28T06:54:29.908Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://toolboxnode.net</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <!--
          When and how the user authenticated. The class is SoftwarePKI; the declaration reference is a
          Signicat URN, presumably naming the NemID method that was used (confirm against Signicat's documentation).
        -->
        <saml2:AuthnStatement AuthnInstant="2015-08-28T06:53:45.661Z" SessionIndex="1vt4mlwddg216bsixrlgdcvii3gde4j22wd6g86vippujikg8">
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI</saml2:AuthnContextClassRef>
                <saml2:AuthnContextDeclRef>urn:signicat:SAML:2.0:ac:ref:signicat:nemidjs</saml2:AuthnContextDeclRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <!--
          Attributes released for the user. surname, given-name and email are present but empty in this
          example, so a consumer has to handle empty values. national-identity and signicat.national-id carry
          the same value. The national identity number is personal data and is sent unencrypted here; keep it
          out of application and proxy logs.
        -->
        <saml2:AttributeStatement>
            <saml2:Attribute Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"></saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="national-identity" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">0705852669</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="given-name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"></saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="signicat.national-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">0705852669</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"></saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="national-identity-country" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">DK</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="common-name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Kali Kula</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="signicat.unique-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">9208-2002-2-508510535239</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>
