VETUMA SAML SAMPLE MESSAGES




Version: 3.5, 4.11.2015

Table of Contents

1. Introduction ... 3
2. Authentication ... 4
   2.1 Single sign-on ... 4
       2.1.1 Request message ... 4
       2.1.2 Response message ... 4
   2.2 Logout ... 6
       2.2.1 Request message ... 6
       2.2.2 Response message ... 7
   2.3 Identity provider request ... 7
       2.3.1 Request message ... 7
       2.3.2 Response message ... 7

1. INTRODUCTION

This document presents sample messages of the Vetuma SAML interface. It is appendix 3 to the document Vetuma-palvelun SAML-kutsurajapinnan määrittely_en (SAML system call interface specification for Vetuma). The aim of this document is not to describe all the alternative messages of the Vetuma interface, but to give a sufficiently comprehensive sample to facilitate use of the interface.

2. AUTHENTICATION

In this transcription the XML Signature elements of the messages are only partially legible: attribute values and the X.509 certificates that did not survive extraction are marked [truncated in source].

2.1 Single sign-on

2.1.1 Request message

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    AssertionConsumerServiceURL="https://localhost/app/samlReturn.jsp?A=3&B=REJECT"
    Destination="https://testitunnistus.suomi.fi/VETUMASSO/app"
    ID="mPC_vsm2b3i6-2sa3-9g6x-k8nu-wzsnfy2w3y"
    IssueInstant="2009-02-11T13:51:19.693Z" Version="2.0">
  <saml:Issuer>https://localhost/app</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="[truncated in source]"/>
      <ds:Reference URI="#mPC_vsm2b3i6-2sa3-9g6x-k8nu-wzsnfy2w3y">
        <ds:Transforms><ds:Transform Algorithm="[truncated in source]"/></ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>xAI+TNK1KlV5DKxrn+vp57/fuog=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      ixel75h76h//4wtlhs40d99jo/1tv0zquixvmt5ynnddrd94gb0u4osivnj3zuk4uq4oxcpdfbbk
      k9pc5wmxz3hebkjd22dechmnehbq5f/jmhteslohngiijw/qb85bnowd8bpianxamjsz+plgon7e
      aosn7i8t2thb4gbalev00lm9je36qfvstjyyhxf92sbatjwioqoj994u9o83agiwfengv6o6wf3h
      +H4ZJVZ6yDPgYHpFePcwS0J2PRUrRXG/lgMdRoRGPShm99o6tKBVaiBtMF7MdvMBVPhssygFKh5q
      sdoawwpum3q3x1c7ywuv7pvlatc1v/s5wtyh+g==
    </ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>[truncated in source]</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <samlp:Extensions><vetuma xmlns="urn:vetuma:saml:2.0:extensions"><lg>fi</lg></vetuma></samlp:Extensions>
</samlp:AuthnRequest>

2.1.2 Response message

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://localhost/app/samlReturn.jsp?A=3&B=REJECT"
    ID="MPL_fcfe337dd7b3-f0350774-b663-4686-8c14-57214e4e06e7-22eae623fa40"
    InResponseTo="mPC_vsm2b3i6-2sa3-9g6x-k8nu-wzsnfy2w3y"
    IssueInstant="2009-02-11T13:52:43.238Z" Version="2.0">
  <saml:Issuer>https://testitunnistus.suomi.fi/vetumasso/app</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="[truncated in source]"/>

      <ds:Reference URI="#MPL_fcfe337dd7b3-f0350774-b663-4686-8c14-57214e4e06e7-22eae623fa40">
        <ds:Transforms><ds:Transform Algorithm="[truncated in source]"/></ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>KsbQ3bxvRpjBfANOYgpWJjwPboE=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      d3h4q79e8MP0/qk/uQrVAI9BLom41+qgArChVb35M97gugXluQJXIOVNIzyvGb8LtaTXbZtcB+5/
      vtjfgv5lkix/ua6iq8hkvkqkxjv9qwp264gjctn3/xobspoqgjqfheusspedo8hezoanqwqmztaf
      welwbepsp4jfocoqii8rpbitpiwtmacf18ac2fsqe7c60sfljl7bo6e8tloent/qhke6rhqd0h0z
      Tb41/YGGvlp96eFal2UdKmpK0WX5XzPW2c2xmCCN87UKB3cv2pjGmKgIUKfZsw1MG3jOELPdx3Vp
      K4aJSPrNQZK+yniu4UGusI9Emc/PwEO3uJPcCQ==
    </ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>[truncated in source]</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="MPL_fcfe337dd7b3-a7c2ad85-8e02-495b-a13c-c2895e3290e4-2457ff07ce16"
      IssueInstant="2009-02-11T13:52:43.230Z" Version="2.0">
    <saml:Issuer>https://testitunnistus.suomi.fi/vetumasso/app</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="[truncated in source]"/>
        <ds:Reference URI="#MPL_fcfe337dd7b3-a7c2ad85-8e02-495b-a13c-c2895e3290e4-2457ff07ce16">
          <ds:Transforms><ds:Transform Algorithm="[truncated in source]"/></ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>7VX4qgK0JU+jp1CakwBnIO0Bn3s=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
        H2R56VHJ0QKNn67BnY96yr+1BUUqHVv69qZE+5KsXzMhpdg4OM9LO6fl734SL7/DUjPLHEKLjK6x
        ohonuw2ejbb19voutj+y2wqo4ntltcyy0j37xbqzr9jnkswsgt9yzvtlp5pazxrkkdhohssurd3c
        r8xtvquiz8rvqgw2j9glyff3ibkxbmfpf82ovufxapi2r7f03l+r+gbqca9qndmg7dxlyirnjiz8
        HhvTI/ayHnk5i4e4I05V+G1R379l20gPWs5pIXlnMWD5RjuKCG5s3W2A70JZvynb0SqVwh59gIkE
        OjwlLwymwlkOAKEk5lMrtbvt6F2SlhZ1H1C/1w==
      </ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>[truncated in source]</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_adc07330da05-f663ab2b-1422-4bbd-b348-b22a0388ea45-69b9c9e5eef1</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="mPC_vsm2b3i6-2sa3-9g6x-k8nu-wzsnfy2w3y"
            NotOnOrAfter="2009-02-11T14:02:43.212Z"
            Recipient="https://localhost/app/samlReturn.jsp?A=3&B=REJECT"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:AuthnStatement AuthnInstant="2009-02-11T13:52:43.194Z"
        SessionIndex="1ddcb1f3-3842-4103-ac0d-fdf01a0e37fb-54e75e4cca8c">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:saml:2.0:ac:classes:textbasedchallengeresponse</saml:AuthnContextClassRef>

      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>testi ANNA</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute FriendlyName="HETU" Name="urn:oid:1.2.246.21"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>010101-1119</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>

2.2 Logout

2.2.1 Request message

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://testitunnistus.suomi.fi/VETUMASSO/app/SLO"
    ID="mPC_v1b9gu8k-1qq3-jjny-p11d-boptjbxgo5"
    IssueInstant="2009-02-11T13:55:43.553Z" Version="2.0">
  <saml:Issuer>https://localhost/app</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="[truncated in source]"/>
      <ds:Reference URI="#mPC_v1b9gu8k-1qq3-jjny-p11d-boptjbxgo5">
        <ds:Transforms><ds:Transform Algorithm="[truncated in source]"/></ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>X34ygUiwIOatOb7aZD5oWgw9oLg=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      Rz5cbgecwvnidldce8/scazndd6i1f42q8lg0nbzbjahrqthkz5nmafngg/nmxzfueqagkgggua5
      t7lndy5tkmaheqg6er786xhflsve+6l0gk0pjeo4adhnrwezlm1dtrd73a8z4mspfxsuhxgwi+lt
      a/bbjlgbumuepqcrzhlzqu+vk0iy8hz8axz/2vqb5s0ac3pvotpg2swlyafe0mrbhtpy1h4mhw1q
      q/tgzukh/xkht/ce1jmnnfhggwipwsodrnkow9y6nh+d4yktvm8dt6ygexl6xv1ree6hdocu/d7a
      cgvtslvp18kqogc7ct4/ohiyzjetw9+5mxqgga==
    </ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>[truncated in source]</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <samlp:Extensions><vetuma xmlns="urn:vetuma:saml:2.0:extensions"><lg>fi</lg></vetuma></samlp:Extensions>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_adc07330da05-f663ab2b-1422-4bbd-b348-b22a0388ea45-69b9c9e5eef1</saml:NameID>
  <samlp:SessionIndex>80debe0b-a1d7-4b9d-85b2-c825054ee68c-fc8eb4693fd0</samlp:SessionIndex>
</samlp:LogoutRequest>
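The following is an added example, not Vetuma code and not part of the Vetuma specification. It shows the checks a service provider makes on the SSO Response of section 2.1.2 before trusting the assertion (InResponseTo and Destination tied to its own AuthnRequest and endpoint, Success status, expected Issuer, bearer SubjectConfirmationData with matching Recipient and an unexpired NotOnOrAfter, one-time use of the assertion ID) and how the NameID and SessionIndex it extracts feed the LogoutRequest of section 2.2.1. The Response it parses is constructed and modelled on the sample above, with the signatures omitted and placeholder IDs; the endpoint and issuer values are the ones shown in the samples, and the function names are this example's own. XML signature verification is assumed to have been done by an XML-DSig library before these checks run and is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
IDP_ENTITY_ID = "https://testitunnistus.suomi.fi/vetumasso/app"  # IdP Issuer shown in section 2.1.2
ACS_URL = "https://localhost/app/samlReturn.jsp?A=3&B=REJECT"    # SP return URL shown in section 2.1.1

# Constructed Response modelled on section 2.1.2 (signatures omitted, IDs are placeholders).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="MPL_example-response" Version="2.0"
  Destination="https://localhost/app/samlReturn.jsp?A=3&amp;B=REJECT"
  InResponseTo="mPC_example-request" IssueInstant="2009-02-11T13:52:43.238Z">
  <saml:Issuer>https://testitunnistus.suomi.fi/vetumasso/app</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="MPL_example-assertion" IssueInstant="2009-02-11T13:52:43.230Z" Version="2.0">
    <saml:Issuer>https://testitunnistus.suomi.fi/vetumasso/app</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_example-nameid</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="mPC_example-request" NotOnOrAfter="2009-02-11T14:02:43.212Z"
          Recipient="https://localhost/app/samlReturn.jsp?A=3&amp;B=REJECT"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:AuthnStatement AuthnInstant="2009-02-11T13:52:43.194Z" SessionIndex="example-session"/>
    <saml:AttributeStatement>
      <saml:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3"><saml:AttributeValue>testi ANNA</saml:AttributeValue></saml:Attribute>
      <saml:Attribute FriendlyName="HETU" Name="urn:oid:1.2.246.21"><saml:AttributeValue>010101-1119</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_instant(text):
    """SAML dateTime as used in the samples (UTC, millisecond precision, trailing Z)."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, request_id, now, seen_assertion_ids, idp=IDP_ENTITY_ID, acs=ACS_URL):
    """Bind the Response to our AuthnRequest and endpoint; return session fields or raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    if root.get("InResponseTo") != request_id or root.get("Destination") != acs:
        raise ValueError("Response is not bound to our outstanding AuthnRequest and ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    for issuer in root.iterfind(".//saml:Issuer", NS):  # Response and Assertion Issuer alike
        if (issuer.text or "").strip() != idp:
            raise ValueError("unexpected Issuer")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    if a.get("ID") in seen_assertion_ids:
        raise ValueError("assertion ID already consumed (replay)")
    scd = None
    for sc in a.iterfind("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") == BEARER:
            scd = sc.find("saml:SubjectConfirmationData", NS)
    if scd is None:
        raise ValueError("no bearer SubjectConfirmationData")
    if scd.get("InResponseTo") != request_id or scd.get("Recipient") != acs:
        raise ValueError("SubjectConfirmationData is not bound to our request and endpoint")
    if now >= parse_instant(scd.get("NotOnOrAfter")):
        raise ValueError("assertion validity window has passed")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    authn = a.find("saml:AuthnStatement", NS)
    if name_id is None or authn is None:
        raise ValueError("NameID or AuthnStatement missing")
    seen_assertion_ids.add(a.get("ID"))  # remember the ID only once the assertion is fully accepted
    attrs = {attr.get("Name"): [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
             for attr in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": name_id.text, "name_id_format": name_id.get("Format"),
            "session_index": authn.get("SessionIndex"), "attributes": attrs}


def build_logout_request(session, request_id, issue_instant, sp_entity_id="https://localhost/app",
                         slo="https://testitunnistus.suomi.fi/VETUMASSO/app/SLO"):
    """SP-initiated LogoutRequest as in 2.2.1, naming the accepted session's NameID and SessionIndex (unsigned here)."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    req = ET.Element(f"{{{NS['samlp']}}}LogoutRequest", Destination=slo, ID=request_id,
                     IssueInstant=issue_instant, Version="2.0")
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = sp_entity_id
    ET.SubElement(req, f"{{{NS['saml']}}}NameID", Format=session["name_id_format"]).text = session["name_id"]
    ET.SubElement(req, f"{{{NS['samlp']}}}SessionIndex").text = session["session_index"]
    return ET.tostring(req, encoding="unicode")


def logout_request_fields(xml_text):
    """(NameID, SessionIndex) named by a LogoutRequest: what the receiving side matches to its session."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}LogoutRequest":
        raise ValueError("not a samlp:LogoutRequest")
    return root.findtext("saml:NameID", namespaces=NS), root.findtext("samlp:SessionIndex", namespaces=NS)


def response_rejected(*args, **kwargs):
    """True when validate_response() refuses the message (the SP fails closed)."""
    try:
        validate_response(*args, **kwargs)
    except ValueError:
        return True
    return False
```

The `seen_assertion_ids` set stands in for whatever store the SP uses to enforce one-time use of a bearer assertion; it needs to outlive the NotOnOrAfter window of every assertion it holds. The comparison against `ACS_URL` is exact, which is deliberate: a Recipient or Destination that differs only in query string is a different endpoint.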

2.2.2 Response message

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://localhost/app/singlelogoutReturn.jsp"
    ID="MPL_fcfe337dd7b3-78d0216a-53a4-427c-8d05-a0ba66e9f018-8bd81291f4d0"
    InResponseTo="mPC_v1b9gu8k-1qq3-jjny-p11d-boptjbxgo5"
    IssueInstant="2009-02-11T13:58:37.728Z" Version="2.0">
  <saml:Issuer>https://testitunnistus.suomi.fi/vetumasso/app</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="[truncated in source]"/>
      <ds:Reference URI="#MPL_fcfe337dd7b3-78d0216a-53a4-427c-8d05-a0ba66e9f018-8bd81291f4d0">
        <ds:Transforms><ds:Transform Algorithm="[truncated in source]"/></ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>GIs5Ub+h96IuTy0p9sRCPNeZNo0=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      jcbve/w+9e+0ce8rpaijm+effg2xmrvqnpgodwh887a18y9qx05vulicdn+un4aswlj1ciuoedbp
      OWD0pOtBYG7pNjuBGXywg5roN00AmMXvcdD8Il2G+5O0tM6gjOUy/BheFcDfAOJdlUujEmlptifQ
      fhfqdvt6kenzyir58rsqu3wqhwaj0eib8172p8ikqivnkqoptdbc7rd/bjr6eld2yktavi7yx+bd
      Z9MvvRT1LwMPD43XZDq0xl5p851v8De0YTreTV57xxiiEyJa75UvTye5qfarGRIeL9MAwEh9Z/9g
      OMJKl1PW4qXPSKyt++jeDUpwVEAI8MeyzQLOtg==
    </ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>[truncated in source]</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
</samlp:LogoutResponse>

2.3 Identity provider request

2.3.1 Request message

https://leijuke.testifederointi.suomi.fi/ds/disco?entityid=https%3a%2f%2flocalhost%2Fapp&return=https%3A%2F%2Flocalhost%2Fapp%2FSuccessDisco

2.3.2 Response message

https://localhost/app?entityid=https%3a%2f%2ftestitunnistus.suomi.fi%2fvetumasso%2Fapp
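Added example, not from the Vetuma service or its specification: building the discovery request of section 2.3.1 with both parameters percent-encoded, and reading the entityid back from the discovery response of section 2.3.2 while accepting only an identity provider the service provider already trusts. The discovery URL, SP entityID and return URL are the ones shown above; the trusted-IdP allow-list, the function names and the untrusted test values are constructed assumptions of this example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

DISCOVERY_URL = "https://leijuke.testifederointi.suomi.fi/ds/disco"  # discovery service shown in 2.3.1
SP_ENTITY_ID = "https://localhost/app"                                # SP entityID shown in 2.3.1
SP_RETURN_URL = "https://localhost/app/SuccessDisco"                  # return URL shown in 2.3.1
# Constructed allow-list: the IdPs this SP federates with (the entityID returned in 2.3.2).
TRUSTED_IDPS = frozenset({"https://testitunnistus.suomi.fi/vetumasso/app"})


def build_discovery_request(entity_id=SP_ENTITY_ID, return_url=SP_RETURN_URL):
    """Discovery request of 2.3.1. urlencode percent-encodes both values, so a return URL that
    itself carries a query string cannot be confused with the discovery service's own parameters."""
    return f"{DISCOVERY_URL}?{urlencode({'entityid': entity_id, 'return': return_url})}"


def idp_from_discovery_response(url, trusted=TRUSTED_IDPS):
    """Read the chosen IdP from the discovery response of 2.3.2. The browser delivers this URL, so the
    entityid is user-controlled input: accept it only when it names an IdP already on the allow-list."""
    own, got = urlsplit(SP_RETURN_URL), urlsplit(url)
    if (got.scheme, got.netloc) != (own.scheme, own.netloc):
        raise ValueError("discovery response did not arrive at this SP's own origin")
    values = parse_qs(got.query).get("entityid", [])
    if len(values) != 1:
        raise ValueError("expected exactly one entityid parameter")
    if values[0] not in trusted:  # unknown entityid must not select an IdP or a metadata lookup
        raise ValueError("entityid is not a trusted identity provider")
    return values[0]


def discovery_rejected(url):
    """True when idp_from_discovery_response() refuses the URL (the SP fails closed)."""
    try:
        idp_from_discovery_response(url)
    except ValueError:
        return True
    return False
```

Percent-decoding is case-insensitive, so the lower-case `%3a%2f` escapes in the sample response decode to the same entityID as the upper-case form in the request; the allow-list comparison is done on the decoded value.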