

@thomasdarimont
Last active Mar 13, 2019
SAML Response example

SAML Response1

<!--
  SAML 2.0 Response (Issuer http://localhost:8080/auth/realms/samldemo) delivered to the SP assertion-consumer URL
  given in Destination. Integrity: the Response and the Assertion inside it each carry an enveloped ds:Signature
  (rsa-sha256 over an exclusive-c14n form, sha256 digests). Values a relying party checks on this message, all
  visible below:
    * Response/@InResponseTo and SubjectConfirmationData/@InResponseTo both equal the ID of the AuthnRequest this
      message answers (a1e14i88dh8h56ei32ab6g87ej12heg); an unsolicited or replayed response fails this check.
    * Response/@Destination equals SubjectConfirmationData/@Recipient (http://localhost:20005/saml/SSO).
    * Conditions/Audience (com:vdenotaris:spring:sp) must equal the SP's own entity ID.
  Exclusive C14N (the variant without the #WithComments suffix) discards XML comments during canonicalization, so
  the comments in this copy do not alter the signed digests; whitespace or text changes inside the signed elements
  would. This copy is pretty-printed, so the signatures shown here presumably no longer verify as-is.
-->
<samlp:Response Destination="http://localhost:20005/saml/SSO"
    ID="ID_55bd7886-5258-4111-b9a9-6cca1e2ecf3f" InResponseTo="a1e14i88dh8h56ei32ab6g87ej12heg"
    IssueInstant="2019-02-28T18:04:11.250Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://localhost:8080/auth/realms/samldemo</saml:Issuer>
    <!-- Response-level signature. Reference/@URI is a same-document reference to Response/@ID
         (ID_55bd7886-5258-4111-b9a9-6cca1e2ecf3f) with the enveloped-signature transform, so the signed element is
         the ancestor of this Signature. A verifier should confirm exactly that (referenced ID resolves to the element
         enclosing the Signature) rather than trusting any element in the document that happens to carry the ID;
         otherwise it is exposed to XML Signature Wrapping. KeyInfo carries the signing certificate and the raw RSA
         public key; the relying party validates against the key it has configured for this Issuer, not the key the
         message itself supplies. -->
    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <dsig:Reference URI="#ID_55bd7886-5258-4111-b9a9-6cca1e2ecf3f">
                <dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <dsig:DigestValue>aFH4f6Bfjrvht+UIGsKwvEnar3G6Rq7siXKB7ftUIL0=</dsig:DigestValue>
            </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>Ntq+p1/gnYVZTKCONoKlp1yaREzBDu1XWIfnUuVtYD9wPa1AT7UUFnpIO9rmmjY+rvJmo85toqoKYM5b9mj0NfF2Idn6h0Y91lusqiG4/znT140z6drMVlr1Y0s/WIO1IQPTF0G0TnB3/+G9Q+Tjc1Qf8dshgW1AAkFB7FH7tma9vhXCoRYZ+DZk4eq22b48j6kFPoBGwG3eQWBX0vlWBf/QB4n8acITe3DRHN7WPt0Ci70QsQ68NZxyv/asUsokiEX8k7wneEauCkFFD1LAf34ouX3ZtexI7a/n0ym+wlyhDBzYR5yYhh0O/+fv/gmCCAMNTjLypM7WayX8LpFGFg==</dsig:SignatureValue>
        <dsig:KeyInfo>
            <dsig:KeyName>q7ABklam1Jr0DsE0EYcW-YN3cGRR0Pe7rCqHfaqxm4E</dsig:KeyName>
            <dsig:X509Data>
                <!-- Certificate body is elided in this copy of the sample. -->
                <dsig:X509Certificate>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</dsig:X509Certificate>
            </dsig:X509Data>
            <dsig:KeyValue>
                <dsig:RSAKeyValue>
                    <dsig:Modulus>rnCwCV4Ki7CS931c2Uolo3l175GKhlEOegWFOLzFTL7n1B0L5FAUZWRa01u+KNY8OHNoxgOSgMbWEHkYim3SG4gD3FXB065EknFPxF2606K1T6pHU26gyt0N7bYG+UiJW2cBk4r/z5mr1Ht1mT5aA0EPfL0ntV6GCHdzbrCedDDHPJE/wxm6IT0uPPSR8WC6f7373VX+uKoofslDUGFElwh5i7VP7DulRqi51tFJ4IxRb1IqiycOFcqKtQzpt5hSWI1h6Ribv3bhVoSjuqBzMI9iDMd9tBAXoVf5R1P1qP62TndyZJHsLOPLy2i4vzt3VY0Z4MCiUyXQSx18L7RDow==</dsig:Modulus>
                    <dsig:Exponent>AQAB</dsig:Exponent>
                </dsig:RSAKeyValue>
            </dsig:KeyValue>
        </dsig:KeyInfo>
    </dsig:Signature>
    <!-- Status sits inside the signed Response, so here it is integrity-protected. -->
    <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
    <!-- The Assertion is signed a second time, independently of the Response signature, by the same key
         (same KeyName). It also declares the SAML assertion namespace as the default namespace, so the unprefixed
         AttributeStatement / Attribute / AttributeValue elements further down live in the same namespace as the
         saml:-prefixed elements. -->
    <saml:Assertion ID="ID_05322d51-a89d-4b93-bdb5-a86f320819f2" IssueInstant="2019-02-28T18:04:11.247Z"
        Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml:Issuer>http://localhost:8080/auth/realms/samldemo</saml:Issuer>
        <!-- Assertion-level signature: Reference/@URI must resolve to Assertion/@ID
             (ID_05322d51-a89d-4b93-bdb5-a86f320819f2); same algorithms and same ID-to-ancestor check as above. -->
        <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <dsig:Reference URI="#ID_05322d51-a89d-4b93-bdb5-a86f320819f2">
                    <dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <dsig:DigestValue>34FQqT/uAKGED94qjMzG4m4pf4OXjr10HPPX+o74AO0=</dsig:DigestValue>
                </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>ojFbmrEY0EBuEQu3Z/Xew9k3qs2zRN54Ik99I77W4m/UWAHmed6G5jQkzjCt/hoZV3d57WMU+oHDagOMhd/pc59c9b8WMUA/Fr6FZxhjvGCP229aoJtUhfoMZHZUoK/decw91L9xNglEyeGPpa9bNbvCBo+lp/l/l9iVezOzFgCmd1VigevqCoV45DGAd/wvPAld37L/rBWQNX3hurjdXVZtq8mcaqYBGn1AOZkjFZqLj8mTVdu1TTs/V3FPjUIpzWed4SzJ1FcP2smudtXUsT94ywG4cHnPVGOmY2No8WFx7ze5jgDXCbCYrA/xBxlsBI5Wnguf0kOqpO5BYES6lA==</dsig:SignatureValue>
            <dsig:KeyInfo>
                <dsig:KeyName>q7ABklam1Jr0DsE0EYcW-YN3cGRR0Pe7rCqHfaqxm4E</dsig:KeyName>
                <dsig:X509Data>
                    <!-- Certificate body is elided in this copy of the sample. -->
                    <dsig:X509Certificate>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</dsig:X509Certificate>
                </dsig:X509Data>
                <dsig:KeyValue>
                    <dsig:RSAKeyValue>
                        <dsig:Modulus>rnCwCV4Ki7CS931c2Uolo3l175GKhlEOegWFOLzFTL7n1B0L5FAUZWRa01u+KNY8OHNoxgOSgMbWEHkYim3SG4gD3FXB065EknFPxF2606K1T6pHU26gyt0N7bYG+UiJW2cBk4r/z5mr1Ht1mT5aA0EPfL0ntV6GCHdzbrCedDDHPJE/wxm6IT0uPPSR8WC6f7373VX+uKoofslDUGFElwh5i7VP7DulRqi51tFJ4IxRb1IqiycOFcqKtQzpt5hSWI1h6Ribv3bhVoSjuqBzMI9iDMd9tBAXoVf5R1P1qP62TndyZJHsLOPLy2i4vzt3VY0Z4MCiUyXQSx18L7RDow==</dsig:Modulus>
                        <dsig:Exponent>AQAB</dsig:Exponent>
                    </dsig:RSAKeyValue>
                </dsig:KeyValue>
            </dsig:KeyInfo>
        </dsig:Signature>
        <!-- Bearer subject confirmation: the assertion is accepted only when presented to Recipient (the ACS URL),
             in answer to InResponseTo, and before NotOnOrAfter (about 5 minutes after IssueInstant). NameID format
             is "unspecified", so the value "tester" carries no format guarantee; the SP maps it as an opaque string. -->
        <saml:Subject>
            <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">tester</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="a1e14i88dh8h56ei32ab6g87ej12heg"
                NotOnOrAfter="2019-02-28T18:09:09.247Z" Recipient="http://localhost:20005/saml/SSO"/></saml:SubjectConfirmation>
        </saml:Subject>
        <!-- Assertion validity window is only 60 s (NotBefore 18:04:09Z to NotOnOrAfter 18:05:09Z), tighter than the
             5-minute bearer window above; both limits apply. A relying party typically allows a small clock-skew
             tolerance when enforcing them. Audience must equal the SP's configured entity ID. -->
        <saml:Conditions NotBefore="2019-02-28T18:04:09.247Z" NotOnOrAfter="2019-02-28T18:05:09.247Z">
            <saml:AudienceRestriction>
                <saml:Audience>com:vdenotaris:spring:sp</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <!-- AuthnContextClassRef "unspecified": the issuer makes no statement about how the user authenticated.
             SessionIndex is the value the SP echoes in a later LogoutRequest. -->
        <saml:AuthnStatement AuthnInstant="2019-02-28T18:04:11.251Z"
            SessionIndex="2ba84f7d-7644-44e2-8efb-14ade746a026::d062b259-9617-4bcc-b8a6-5539ef781ac7">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
        <!-- Attribute values use xsi:type QNames with the "xsd:" prefix, but no xmlns:xsd declaration appears anywhere
             in this document, so a namespace-aware schema validator cannot resolve those types (well-formedness is
             unaffected: the parser does not check prefixes inside attribute values). The third attribute is
             element-valued: its AttributeValue contains an HL7 v3 Role element that redeclares the default namespace
             to urn:hl7-org:v3, so consumers that only read text content will see no value for it. -->
        <AttributeStatement>
            <Attribute Name="Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">dummy</AttributeValue>
            </Attribute>
            <Attribute FriendlyName="XSPA Organization ID"
                Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:anyURI">urn:oid:1.2.3.4.5.6.7.8.9.10.11.12</AttributeValue>
            </Attribute>
            <Attribute FriendlyName="Acme Role" Name="urn:oasis:names:tc:xacml:2.0:subject:role"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:anyType"><Role code="PRA" codeSystem="1.2.3.4.5.6.7.8.9.10.11.12"
                    codeSystemName="IHEXDShealthcareFacilityTypeCode" displayName="Doctor's office"
                    xmlns="urn:hl7-org:v3"/></AttributeValue>
            </Attribute>
        </AttributeStatement>
    </saml:Assertion>
</samlp:Response>

ADFS SAML Response

<!--
  SAML 2.0 Response from an AD FS issuer (http://adsrv01.tdlabs.local/adfs/services/trust) to a broker endpoint
  (Destination .../broker/adfs-saml/endpoint). Unlike the first sample, the Response element itself carries no
  ds:Signature; only the Assertion is signed. Response/@Destination, Response/@InResponseTo and Status are therefore
  not integrity-protected. The signed SubjectConfirmationData repeats InResponseTo and Recipient, and those are the
  values a relying party binds on.
  Exclusive C14N (the variant without the #WithComments suffix) discards XML comments during canonicalization, so
  the comments in this copy do not alter the signed digest; whitespace or text changes inside the Assertion would.
  This copy is pretty-printed, so the signature shown here presumably no longer verifies as-is.
-->
<samlp:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    Destination="https://adsrv01:8443/auth/realms/tdlabs-ad-ldaps/broker/adfs-saml/endpoint"
    ID="_ef52f991-47ac-496a-91f4-cff98b2ab4bf" InResponseTo="ID_1722aba9-59a7-45d2-b9e6-df7818245f2e"
    IssueInstant="2019-03-13T18:47:13.231Z" Version="2.0"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- Issuer is placed in the assertion namespace via a local default-namespace declaration rather than a prefix. -->
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adsrv01.tdlabs.local/adfs/services/trust</Issuer>
    <!-- Status is outside the signed Assertion and so is unsigned in this message. -->
    <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
    <!-- The Assertion declares the SAML assertion namespace as its default namespace; every unprefixed descendant
         (Issuer, Subject, Conditions, AttributeStatement, AuthnStatement) is in that namespace. -->
    <Assertion ID="_e026c3b0-1a35-4878-b5f2-1615dcc041f8" IssueInstant="2019-03-13T18:47:13.201Z"
        Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
        <Issuer>http://adsrv01.tdlabs.local/adfs/services/trust</Issuer>
        <!-- Enveloped signature over the Assertion (rsa-sha256, exclusive c14n, sha256 digest). Reference/@URI must
             resolve to Assertion/@ID (_e026c3b0-1a35-4878-b5f2-1615dcc041f8), and a verifier should confirm that the
             referenced element is the ancestor of this Signature (XML Signature Wrapping defense). KeyInfo carries only
             a certificate, no KeyName or KeyValue; the relying party validates against the certificate it has
             configured for this Issuer rather than the one embedded here. -->
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_e026c3b0-1a35-4878-b5f2-1615dcc041f8">
                    <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>yf0+LN1ize/PpsZCLhVMJNZmCw4zTY/MY934py2c4e4=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>lNddkvxKr4A82IGmffo4TkF0in9j5jQctsXF48vW82W63/yUt0bnAuWyKAAclrPmvtNAyjqYSRgL/6aaWuKQUFNd5EQyOGEMtKnJrqyV/9sO/Mwiq0euNc3m1zMcAg4bx+XwGjJIzZ5eS5+u9KaOQ4b9kCLqX/0g+DF4zM1TWFKNgYL3w2h5+7AwXawnVuy2X60oXVAOPbpADCe86QWE25RuuwZKvlEo7WzEy9F4sZYndriObnKMr7thNS3CTwIrrar2amni1DqmttPZdv23yjKEkK9DNHz4eFGFAQVMvP8iD8X9xgwEbFbE513d03LggMjvihCexZcPHogPZwOPIg==</ds:SignatureValue>
            <!-- KeyInfo is written with a default-namespace declaration while its children use the ds: prefix; both
                 map to the same XML-DSig namespace, so this is a style inconsistency only. -->
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <!-- Certificate body is elided in this copy of the sample. -->
                    <ds:X509Certificate>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</ds:X509Certificate>
                </ds:X509Data>
            </KeyInfo>
        </ds:Signature>
        <!-- Bearer subject confirmation, signed as part of the Assertion: InResponseTo and Recipient here mirror the
             unsigned Response/@InResponseTo and Response/@Destination, and are the authoritative copies. The bearer
             window is 5 minutes (IssueInstant 18:47:13Z to NotOnOrAfter 18:52:13Z). NameID uses the
             WindowsDomainQualifiedName format (DOMAIN\user). -->
        <Subject>
            <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName">TDLABS\adfstester</NameID>
            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="ID_1722aba9-59a7-45d2-b9e6-df7818245f2e"
                NotOnOrAfter="2019-03-13T18:52:13.231Z"
                Recipient="https://adsrv01:8443/auth/realms/tdlabs-ad-ldaps/broker/adfs-saml/endpoint"/></SubjectConfirmation>
        </Subject>
        <!-- Assertion validity window is one hour (18:47:13Z to 19:47:13Z), much wider than the 5-minute bearer window
             above; both limits apply. Audience is the realm URL, not the broker endpoint URL used as Destination /
             Recipient; the relying party compares Audience with its configured entity ID, not with its ACS URL. -->
        <Conditions NotBefore="2019-03-13T18:47:13.190Z" NotOnOrAfter="2019-03-13T19:47:13.190Z">
            <AudienceRestriction>
                <Audience>https://adsrv01:8443/auth/realms/tdlabs-ad-ldaps</Audience>
            </AudienceRestriction>
        </Conditions>
        <!-- Claims are emitted as attributes named by claim URI, without NameFormat or xsi:type; per SAML 2.0 Core an
             absent NameFormat means attrname-format:unspecified. The last attribute ("username") is a bare name rather
             than a URI, so consumers matching on claim URIs will not find it under that scheme. -->
        <AttributeStatement>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                <AttributeValue>tom+tina@tdlabs.local</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname">
                <AttributeValue>adfstester</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
                <AttributeValue>Tina</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
                <AttributeValue>Tester</AttributeValue>
            </Attribute>
            <Attribute Name="username">
                <AttributeValue>adfstester</AttributeValue>
            </Attribute>
        </AttributeStatement>
        <!-- SessionIndex reuses the Assertion ID. AuthnContextClassRef PasswordProtectedTransport states that a
             password was presented over a protected transport, unlike the "unspecified" class in the first sample. -->
        <AuthnStatement AuthnInstant="2019-03-13T18:47:12.707Z"
            SessionIndex="_e026c3b0-1a35-4878-b5f2-1615dcc041f8">
            <AuthnContext>
                <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
            </AuthnContext>
        </AuthnStatement>
    </Assertion>
</samlp:Response>