Sample Requests, Responses, and Metadata
This section includes some samples to show you what requests, responses, and metadata files might look like.
Table of Contents
- Sample Request: HTTP POST
- Sample Request: HTTP Redirect
- Sample Response: HTTP POST
- Sample Response: HTTP Artifact
- Sample Metadata File: Identity Provider
- Sample Metadata File: Service Provider
- Sample Artifact Resolve Request
- Sample Artifact Resolve Response
- Sample Assertion
Sample Request: HTTP POST
The example below shows a sample HTTP POST request to SSO Circle.
Message Headers:
POST /sso/SSOPOST/metaAlias/ssocircle HTTP/1.1 Host: idp.ssocircle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0 openid Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://acmepaymentscorp.com/api/login/ssoLogin?domain=idp-ssocircle&finalUrl=http%3A//acmepaymentscorp.com/ui/apps/atmosphere/_Vws1VQerwdBCGnF95K5OMUw/resources/console/global/relyingpartypostlogin.html%3Fdynamic%3Dtrue%26baseUrl%3Dhttp%3A//acmepaymentscorp.com/atmosphere Cookie: JSESSIONID=F26FD035748B3706D17B6C850791FF7A; JROUTE=C9en; __utma=161425727.1982119581.1415012088.1415012088.1415012088.1; __utmz=161425727.1415012088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94376260.2017885730.1415012227.1415219015.1415528046.3; __utmz=94376260.1415528046.3.3.utmccn=(referral)|utmcsr=acmepaymentscorp.com|utmcct=/api/login/ssoLogin|utmcmd=referral; amlbcookie=91; __utmc=94376260; SSOCSession=AQIC5wM2LY4SfcxadFb3_TBcJQ6riqn7BuqUW0J6UEm01IA.*AAJTSQACMDIAAlNLABM1NTkzMTEzNzk4NzA5NzQ1ODgwAAJTMQACMDE.* Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 4284
Message Body:
SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwycDpBdXRoblJlcXVlc3QgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vYXRtb3NwaGVyZS5pbi9hcGkvbG9naW4vc3NvTG9naW4iIERlc3RpbmF0aW9uPSJodHRwczovL2lkcC5zc29jaXJjbGUuY29tOjQ0My9zc28vU1NPUE9TVC9tZXRhQWxpYXMvc3NvY2lyY2xlIiBGb3JjZUF1dGhuPSJmYWxzZSIgSUQ9Il84YmJkZTc2OTA4YzNiMmFhY2FkMDY1NmMzMzFkNDgzMiIgSXNQYXNzaXZlPSJmYWxzZSIgSXNzdWVJbnN0YW50PSIyMDE0LTExLTA5VDEyOjMyOjM2LjQ0MloiIFByb3RvY29sQmluZGluZz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmJpbmRpbmdzOkhUVFAtUE9TVCIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI%2BPHNhbWwyOklzc3VlciB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2Bc3Auc3NvY2lyY2xlLmNvbTwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgo8ZHM6UmVmZXJlbmNlIFVSST0iI184YmJkZTc2OTA4YzNiMmFhY2FkMDY1NmMzMzFkNDgzMiI%2BCjxkczpUcmFuc2Zvcm1zPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIIvPgo8L2RzOlRyYW5zZm9ybXM%2BCjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPgo8ZHM6RGlnZXN0VmFsdWU%2BRmkyMWZPZVBkQ3JHMnVqbkJjR2s0R1RLWUF3PTwvZHM6RGlnZXN0VmFsdWU%2BCjwvZHM6UmVmZXJlbmNlPgo8L2RzOlNpZ25lZEluZm8%2BCjxkczpTaWduYXR1cmVWYWx1ZT4KWE9lSWUwTjFySHhyWTlrNnZDWkYzVkM4eGV2T20rQXVpSktkOFkzUU84ZVc1U3NxdDJIazR3YllSeWJzNGpCK3MwFdtSVpwTW9TNwpPbmFpWWtSUVUxcW83S0x1QitvYWQ1dVJRYllqQ2x1NkswcjF2ZEFQdDhlN0lUYnF1TWFwbHZvMzI4RjB5cldRRVh0K0pwVENyM1BpCms2TXpxTmpRRkJMY3BGakNJQzQ9CjwvZHM6U2lnbmF0dXJlVmFsdWU%2BCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSURIekNDQWdlZ0F3SUJBZ0lDQStzd0RRWUpLb1pJaHZjTkFRRUZCUUF3Z2JneEN6QUpCZ05WQkFZVEFrbE9NUXN3Q1FZRFZRUUkKREFKVVV6RU1NQW9HQTFVRUJ3d0RTRmxFTVRjd05RWURWUVFLREM1VFQwRWdVMjltZEhkaGNtVWdSVzVuYVc1bFpYSnBibWNnU1c1awphV0VnVUhKcGRtRjBaU0JNYVcxcGRHVmtNUlF3RWdZRFZRUUxEQXRGYm1kcGJtVmxjbWx1WnpFL01EMEdBMVVFQXd3MlVHOXNhV041CklFMWhibUZuWlhJZ1EyVnlkR2xtYVdOaGRHVWdRWFYwYUc5eWFYUjVJQzBnUVVKVlNrRkhUMDVFUVMwMk5ETXdNQjRYRFRFME1URXcKTlRJd01qQXlNVm9YRFRFMU1URXdOVEl3TWpBeU1Wb3djREVMTUFrR0ExVUVCaE1DU1U0eEN6QUpCZ05WQkFnVEFsUlRNUXd3Q2dZRApWUVFIRXdOSVdVUXhGVEFUQmdOVkJBb1RERk5QUVNCVGIyWjBkMkZ5WlRFVU1CSUdBMVVFQ3hNTFJXNW5hVzVsWlhKcGJtY3hHVEFYCkJnTlZCQU1URUhOd0xuTnpiMk5wY21Oc1pTNWpiMjB3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQU1JR0pBb0dCQUpWKzJ4VE0KVXBaeWp3STdOTldoZS8zSndLNFF3cjhicGd5UkpDdjdWTC9qR2xEUTN0NGg1U0VYMlhwMlpRQURVUUpuV3gwRmJ0ZFBZU29PdE1XLwoyNlFDY2YrSWkreit3dFcxYXlzTlJ0NEdqZkI0NXRmc0RTMWY3cVpReTJ5MkVXSWRTN3FoRXlTa2JkWkpPR3l5cjNlbGpqdUx1Zm8rCjAzdVhYUkxqRitKRkFnTUJBQUV3RFFZSktvWklodmNOQVFFRkJRQURnZ0VCQUJ3MjF2NTgyNTZhdDhtTFRVcExWMEU3MlZ4OFJ2b0YKbjY3OGZsN0ltcm56Qlh6YmVralRWR1Frc2E3SkNuZVpqM3NFTTM0L0lnZW9DL3dtRUVyazh5REh6UjRJR3ZUUXdwcUVpT01JUFg5cQpqQ05zNHA0LzVndldvVU1nODdmM0dnb3JCQ1hYU3NZTUFCTzJHbGI1eSt4YkVtd2J5Ylhia1hIMVVsRDJ3a2pvN1VmQWVMVkRuT0RQCkpVSDRxc3hoakRvLzlJc0RKWk93ZnhmSXVhbHYvR2xzZkI3MzBvMkJibHVtYXp4UjE3bmh5Q2RpYnhxalZhQnVYRUJyc2wrSzZLeHcKTWZ0Vk82QXpFcklxVVZVR3FEL0lkcUVhWXBOWEFEbkIzTkhNclE3NmdnbmsrY2ZndDl4OXVHZzI4bi9WYm5HT1FUcEdLOVF0V1ZsVgpiZ3RBek1JPTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE%2BPGRzOktleVZhbHVlPjxkczpSU0FLZXlWYWx1ZT48ZHM6TW9kdWx1cz5sWDdiRk14U2xuS1BBanMwMWFGNy9jbkFyaERDdnh1bURKRWtLL3RVditNYVVORGUzaUhsSVJmWmVuWmxBQU5SQW1kYkhRVnUxMDloCktnNjB4Yi9icEFKeC80aUw3UDdDMWJWckt3MUczZ2FOOEhqbTErd05MVi91cGxETGJMWVJZaDFMdXFFVEpLUnQxa2s0YkxLdmQ2V08KTzR1NStqN1RlNWRkRXVNWDRrVT08L2RzOk1vZHVsdXM%2BPGRzOkV4cG9uZW50PkFRQUI8L2RzOkV4cG9uZW50PjwvZHM6UlNBS2V5VmFsdWU%2BPC9kczpLZXlWYWx1ZT48L2RzOktleUluZm8%2BPC9kczpTaWduYXR1cmU%2BPC9zYW1sMnA6QXV0aG5SZXF1ZXN0Pg%3D%3D&RelayState=Iw0KI1N1biBOb3YgMDkgMTg6MDI6MzYgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo%3D
Sample Request: HTTP Redirect
The example below shows a sample HTTP Redirect request to SSO Circle.
GET /sso/SSORedirect/metaAlias/ssocircle?SAMLRequest=nVbZkqrIFn33Kyo8j0YVg%2BAUp6ojGUQQUEbRlxsMCaJMkiDo1zdqVZ06Fd19%2B943Mtl75dpr7dzw8482TZ7OsERxnr32iRe8%2FwQzPw%2FiLHrtW%2Bb8edL%2F4633E7lpQhYzUFf7TIenGqLqCSAEy6rLY%2FMM1SksDVieYx9auvza31dVMcMwt0pzVOxhCV%2FiDHOLGEvyqHtCKJdvD%2F0nroOKM7e6n3%2FLQl1aHBQvXYgfl34CX%2Fw8nVHU8JaEGcZKh0FcQr%2FCUli5IIldhH3G9p%2FmeenDO8%2FXfugmqNsSudf%2Bf6Yjn4QT2p%2B4FOURFOlRY5%2BgCHI0hpTrDaddGFq7CMVn%2BCsRoRqKGarcrHrtkzhBPRPEMz41CXJGTWdD%2BmU0nu76T%2Bsyr3I%2FT5g4ewhXl9ksd1GMZpmbQjSr%2FJkBFHlGvuAz7xGEZgvTXD%2BDTsHQ9av%2Bk%2F1hAnkzobMlQ7OH7P%2BMV7wf3n97uDS7sy6%2FIvwzgPvhY%2F8NfZP9J%2FYV8u1ngGZGHHVu1SV8PyBAn2Y3TfPSDF%2FyMsJIHMcxfIp1MQGKox%2F9rofek2EgZmH%2BWLNulmex7ybx9d4BCqz2efAEkigv42qf%2Fg00gRH4DfoZtv5z52L2o4%2F9OuDO7l8i%2FUayRO4z2rvEB5gOw65xMx8%2BWbr42v%2Fx33vokWeWbobCvEzRt%2FX%2FRgdmZ5jkBQye0UdVH8z%2BPeLfSIX9BU0ujrq7%2BP8I91W0B4rtJjV8O08nzCHT2ilc5M6I9y%2BHXWBwrLxolNc7ha%2FBD1Kfmr%2Bvv3fMp8HvSUfpsGFDa%2BGJwNw0mzaISrOogZSNDuuQrq3TZT5VXeo4rwdROjxf5RrT9tx8u%2BY35uI0dd0GL4VkSm1O3rWn6Ef%2BKkbWDoBIE%2F0dqNQNKubE2QQSw1iTUpnw3GDQbvfXNeHEZJ3TC%2BvoLZG8ZQdlDOlmDXXULMPwLPXCjMhdwtdHcjkYDoajBca%2F%2Fqrpaw23upbwci%2Fy9uzQ%2BJRzK%2Fdzwd7uZ9jdkwq%2BKaLILa4sCyIYgUZkQCSyYIAaTttKy3wn7s%2B%2BCjR%2BzmigibyoZa8d90i1GbA1wTFZKRpqWG3L2Zom9jggWdaVVxSQC4CweKZpOGOe8IrpN%2BojaMmxtGnifGSR0zRYBHs%2FtSJ9Q2fuhk52jlR4qR8ZG%2FrYczdd0EIqgnSO7wxGcTdEEQj2UdG1ho%2FuYDIHqrmXBl2SnfhpUu%2BuPKZw%2BP1w0DSkJUyRu1HpnsgTey%2BdZztHjDTSvgRCknYv9oFgRZpj464wvbiOTossHmmWZBvH%2BcLEaV4zcFLllEZhKIczeVwx%2BaanmmKjHMBFsfPbJnHb%2FLLX%2BBwvK%2BD4kGCvsIZFfdEtMkGim4rWNGxXRa8rY9GlixtLa%2BcmMB9BucnN1bVmMKZH7vCAnF92Jm8pjHgHZVtF%2FqZZK5jA6T2SOz4LtZEz9eqRauGnKtoZ9MEj8SbaTb47y3TOctEWB4ooSJ1vDJDsAdmaSs8qdpdDI45VdbOH2FBqlpTWlBOviC66xJ7HtowdhITThhW1pw3eIZ2C3HVgliZlmxafe1Ww3hr5qlI2WI8caawfDsR4cB001YZwL0jVK0o4hAxFVyHiDCIcn3bahbyQ%2FEYMjPFpz1%2BMoxfspJVwuZRDmBwOtVyH%2BaCHD2vH0eXDfCDNQaQwAPB%2F1bBcFPEMYBqSONMTkh651SSVTauQbZwfk3Y70c%2F5vJeNxpMwGYtpmV0Z5%2BrB48G0Be2I3LHEZnB3GCJeGVKYGMGcxZqU58vj5NJdGp0ShbOpNcWJj1eKuHamp96BVRFVUBgdnTe5pUSTcTgUutHHsI5joK0CmBUpJB59GbQenzbexXO8o7MgrIQjm%2BMhH1shgLLNZStu3ZOsBXVC7f7A5dhURJy0WzVhG4q1m5wxIUEhMx7iOcl4SZ2611Ynxtn%2Bwgax154OtsvUDs%2BUKBksR8u26SlhZa9G4MqX4smyLeHEYWJw4t1toTqAy5ihulBKbTyKouw48MOomrbTWojISYbZXiasNLMQllOt2tiJ3fOiClwV8TF1v4%2BUz83PodNNo8dsun8GDfDbWsmDOqnRW%2BKMvbnSGkm2XIMDwgl3Psb8DJR7jj23dcpJ%2FHGJVdZ5oLiWysFhvEhEPdzBbJcAoOogDbyFZtcEPt33ltEIbz3MK4DUYlQsj9djlvDsctkQwjBy1cnikBKDRpVtrC4STvbkrb7dE3J94k1pqVfE8Uh58vIcjDar3oqq6cFhbEI6CPhacaij9aj8g%2FqtDL4t8gxm1RvQAHN%2F%2B7nz%2BBJ9LRv7TRTs68D%2BbaK%2Fvf8x%2Ff6r%2FPYn &RelayState=Iw0KI1N1biBOb3YgMDkgMTg6MTk6MzUgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo= &SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1 &Signature=QAJ6BU5zuIytWuTEdwqw%2BI9uSm3QVgo9n1REX7FqLkXo%2BpH%2BDIdy4XheIkytyaDfnnDcVcOH7vQCSw4DbzdH30Unmg%2BEqjbUTbcPvgyJvv%2FKKBS%2FxyYDKNDyqTyUYq1ao%2Fspa3rtmZixki00VuUYo7PrZzjrGjHMyQ6ycfxsMDo%3D HTTP/1.1 Host: idp.ssocircle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 openid Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://acmepaymentscorp.com/atmosphere/ Cookie: JSESSIONID=F26FD035748B3706D17B6C850791FF7A; JROUTE=C9en; __utma=161425727.1982119581.1415012088.1415012088.1415012088.1; __utmz=161425727.1415012088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94376260.2017885730.1415012227.1415219015.1415528046.3; __utmz=94376260.1415528046.3.3.utmccn=(referral)|utmcsr=acmepaymentscorp.com|utmcct=/api/login/ssoLogin|utmcmd=referral; amlbcookie=91; SSOCSession=AQIC5wM2LY4SfcxadFb3_TBcJQ6riqn7BuqUW0J6UEm01IA.*AAJTSQACMDIAAlNLABM1NTkzMTEzNzk4NzA5NzQ1ODgwAAJTMQACMDE.* Connection: keep-alive
Sample Response: HTTP POST
The example below shows a sample HTTP POST response from SSO Circle.
Message Headers:
POST /api/login/ssoLogin HTTP/1.1 Host: acmepaymentscorp.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: JSESSIONID_platform=1h2mr9mg0ik1n8dxmliqmh2tf Content-Type: application/x-www-form-urlencoded Content-Length: 6741
Message Body:
SAMLResponse=PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6%0D%0AcHJvdG9jb2wiIElEPSJzMmZkMjEzNjIyZWIyOTI0ZDdmYTg1ODg2MjYzNzVmOTM1MDJjMDFhZTAi%0D%0AIEluUmVzcG9uc2VUbz0iXzhiYmRlNzY5MDhjM2IyYWFjYWQwNjU2YzMzMWQ0ODMyIiBWZXJzaW9u%0D%0APSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0xMS0wOVQxMjozMjozN1oiIERlc3RpbmF0aW9uPSJo%0D%0AdHRwOi8vYXRtb3NwaGVyZS5pbi9hcGkvbG9naW4vc3NvTG9naW4iPjxzYW1sOklzc3VlciB4bWxu%0D%0AczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vaWRw%0D%0ALnNzb2NpcmNsZS5jb208L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXMgeG1sbnM6c2FtbHA9InVy%0D%0AbjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI%2BCjxzYW1scDpTdGF0dXNDb1RlICB4%0D%0AbWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIgpWYWx1ZT0i%0D%0AdXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIj4KPC9zYW1scDpTdGF0%0D%0AdXNDb1RlPgo8L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9h%0D%0Ac2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InMyMTJhNTI3ODJiYjM1Y2E0NTZk%0D%0ANGFmNzViYTc3NTkzZGMwZTc0ZTA0YSIgSXNzdWVJbnN0YW50PSIyMDE0LTExLTA5VDEyOjMyOjM3%0D%0AWiIgVmVyc2lvbj0iMi4wIj4KPHNhbWw6SXNzdWVyPmh0dHA6Ly9pZHAuc3NvY2lyY2xlLmNvbTwv%0D%0Ac2FtbDpJc3N1ZXI%2BPGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAw%0D%0AMC8wOS94bWxkc2lnIyI%2BCjxkczpTaWduZWRJbmZvPgo8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhv%0D%0AZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8%0D%0AZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94%0D%0AbWxkc2lnI3JzYS1zaGExIi8%2BCjxkczpSZWZlcmVuY2UgVVJJPSIjczIxMmE1Mjc4MmJiMzVjYTQ1%0D%0ANmQ0YWY3NWJhNzc1OTNkYzBlNzRlMDRhIj4KPGRzOlRyYW5zZm9ybXM%2BCjxkczpUcmFuc2Zvcm0g%0D%0AQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNp%0D%0AZ25hdHVyZSIvPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw%0D%0AMS8xMC94bWwtZXhjLWMxNG4jIi8%2BCjwvZHM6VHJhbnNmb3Jtcz4KPGRzOkRpZ2VzdE1ldGhvZCBB%0D%0AbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8%2BCjxkczpE%0D%0AaWdlc3RWYWx1ZT5ZVTY5V0ppNjZudDROL2dkMExJL016TlVRUUk9PC9kczpEaWdlc3RWYWx1ZT4K%0D%0APC9kczpSZWZlcmVuY2U%2BCjwvZHM6U2lnbmVkSW5mbz4KPGRzOlNpZ25hdHVyZVZhbHVlPgphbUhN%0D%0AMjg1ZTcrWkxwOXZxejdabkk0WGV4L2EybU1tcE55YVdwRGpQbGFXY3N0OGhOdVRPVlVGd3hxQ2NO%0D%0AV0xWTzBCVHJKZTVpelhOCndIT3NmWS9DT1RqWTlqcnZPQ3hSR0pxakg0Z1pqU3p5clBYYlVPNGdu%0D%0AcDhoanlvbm80TG5QTm1rR0l0Nk1QU1pGNnY0NE1qUE05N3AKZW14TldIZGtaeFVFTGZ4KzRSTT0K%0D%0APC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8%2BCjxkczpYNTA5RGF0YT4KPGRzOlg1MDlD%0D%0AZXJ0aWZpY2F0ZT4KTUlJQ2pEQ0NBWFNnQXdJQkFnSUZBSlJ2eGNNd0RRWUpLb1pJaHZjTkFRRUVC%0D%0AUUF3TGpFTE1Ba0dBMVVFQmhNQ1JFVXhFakFRQmdOVgpCQW9UQ1ZOVFQwTnBjbU5zWlRFTE1Ba0dB%0D%0AMVVFQXhNQ1EwRXdIaGNOTVRFd05URTNNVGsxTnpJeFdoY05NVFl3T0RFM01UazFOekl4CldqQkxN%0D%0AUXN3Q1FZRFZRUUdFd0pFUlRFU01CQUdBMVVFQ2hNSlUxTlBRMmx5WTJ4bE1Rd3dDZ1lEVlFRTEV3%0D%0ATnBaSEF4R2pBWUJnTlYKQkFNVEVXbGtjQzV6YzI5amFYSmpiR1V1WTI5dE1JR2ZNQTBHQ1NxR1NJ%0D%0AYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ2J6RFJrdWRDLwphQzJnTXFSVlZhTGRQSkpFd3BGQjRv%0D%0ANzFmUjVibk5kMm9jbm5OekovVzlDb0Nhcmd6S3grRUo0Tm0zdldtWC9JWlJDRnZydnk5Qzc4CmZQ%0D%0AMWNtdDZTYTA5MUs5bHVhTUF5V243b0M4aC9ZQlhIN3JCNDJ0ZHZXTFk0S2w5Vkp5NlVDY2x2YXN5%0D%0AcmZLeCtTUjRLVTZ6Q3NNNjIKMkt2cDV3VzY3UUlEQVFBQm94Z3dGakFVQmdsZ2hrZ0JodmhDQVFF%0D%0AQkFmOEVCQU1DQkhBd0RRWUpLb1pJaHZjTkFRRUVCUUFEZ2dFQgpBSjBoZXVhN21GTzNRc3pkR3Ux%0D%0ATmJsR2FURFh0ZjZUeHRlMHpwWUl0KzhZVWN6YTJTYVpYWHZDTGI5RHZHeFcxVEpXYVpwUEdwSHo1%0D%0ACnRMWEpiZFlRbjd4VEFuTDR5UU9LTjZ1TnFVQS9hVFZneXlVSmtXWnQyZ2l3RXNXVXZHMFVCTVNQ%0D%0AUzF0cDJwVjJjNi9vbEljYmRZVTYKWmVjVXo2TjI0c1NTN2l0RUJDNm53Q1ZCb0hPTDh1Nk1zZnhN%0D%0ATER6SklQQkk2OFVaanozSU1LVERVRHY2VTlEdFltWExjOGlNVlpCbgpjWUpuOU5nTmkzZ2hsOWZZ%0D%0AUHBIY2M2UWJYZURVamhkelhYVXFHK2hCNkZhYkdxZFRka0lad29pNGdOcHlyM2thY0tSVldKc3NE%0D%0AZ2FrCmVMMk1vRE5xSnlRMGZYQzZaZTNmNzlDS3kvV2plVTVGTHdEWlIwUT0KPC9kczpYNTA5Q2Vy%0D%0AdGlmaWNhdGU%2BCjwvZHM6WDUwOURhdGE%2BCjwvZHM6S2V5SW5mbz4KPC9kczpTaWduYXR1cmU%2BPHNh%0D%0AbWw6U3ViamVjdD4KPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6%0D%0AMi4wOm5hbWVpZC1mb3JtYXQ6cGVyc2lzdGVudCIgTmFtZVF1YWxpZmllcj0iaHR0cDovL2lkcC5z%0D%0Ac29jaXJjbGUuY29tIj5lTVVKK01wbENKRjYwSXBXUG5tUnhmbjN3bUhuPC9zYW1sOk5hbWVJRD48%0D%0Ac2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6%0D%0AMi4wOmNtOmJlYXJlciI%2BCjxzYW1sOlN1YmplY3RD125maXJtYXRpb25EYXRhIEluUmVzcG9uc2VU%0D%0Abz0iXzhiYmRlNzY5MDhjM2IyYWFjYWQwNjU2YzMzMWQ0ODMyIiBOb3RPbk9yQWZ0ZXI9IjIwMTQt%0D%0AMTEtMDlUMTI6NDI6MzdaIiBSZWNpcGllbnQ9Imh0dHA6Ly9hdG1vc3BoZXJlLmluL2FwaS9sb2dp%0D%0Abi9zc29Mb2dpbiIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPgo8L3NhbWw6U3ViamVjdD48%0D%0Ac2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0xMS0wOVQxMjoyMjozN1oiIE5vdE9uT3JB%0D%0AZnRlcj0iMjAxNC0xMS0wOVQxMjo0MjozN1oiPgo8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPgo8%0D%0Ac2FtbDpBdWRpZW5jZT5zcC5zc29jaXJjbGUuY29tPC9zYW1sOkF1ZGllbmNlPgo8L3NhbWw6QXVk%0D%0AaWVuY2VSZXN0cmljdGlvbj4KPC9zYW1sOkNvbmRpdGlvbnM%2BCjxzYW1sOkF1dGhuU3RhdGVtZW50%0D%0AIEF1dGhuSW5zdGFudD0iMjAxNC0xMS0wOVQxMDoxNDoxM1oiIFNlc3Npb25JbmRleD0iczI5NDhi%0D%0AMGU1NjY0YmVlNTJmMzE0NmI4ZDg1YjM0ZmUyOGEzYTc2MzAxIj48c2FtbDpBdXRobkNvbnRleHQ%2B%0D%0APHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY%2BdXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFj%0D%0AOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xh%0D%0Ac3NSZWY%2BPC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ%2BPHNhbWw6QXR0%0D%0AcmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJFbWFpbEFkZHJlc3MiPjxzYW1s%0D%0AOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVt%0D%0AYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIg%0D%0AeHNpOnR5cGU9InhzOnN0cmluZyI%2BYmFuaWwuY2JpdEBnbWFpbC5jb208L3NhbWw6QXR0cmlidXRl%0D%0AVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iRmlyc3ROYW1lIj48%0D%0Ac2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxT%0D%0AY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFu%0D%0AY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFuaWw8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1s%0D%0AOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iTGFzdE5hbWUiPjxzYW1sOkF0dHJpYnV0%0D%0AZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6%0D%0AeHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9%0D%0AInhzOnN0cmluZyI%2BQnVqYWdvbmRhPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1%0D%0AdGU%2BPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVz%0D%0AcG9uc2U%2B &RelayState=Iw0KI1N1biBOb3YgMDkgMTg6MDI6MzYgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo%3D
Sample Response: HTTP Artifact
The example below shows a sample HTTP Artifact response from SSO Circle. GET /api/login/ssoLogin?SAMLart=AAQAALN%2Bk3vq4G80Xko1XPLwwxsvPbU%2F0k5pJmYcpWTJarjtzdkp9Q2yMDE%3D &RelayState=Iw0KI1N1biBOb3YgMDkgMTg6NDA6MzEgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo%3D HTTP/1.1 Host: acmepaymentscorp.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://acmepaymentscorp.com/atmosphere/ Cookie: JSESSIONID_platform=1fjtfzek7t4vk2w6thha0481g;
Sample Metadata File: Identity Provider
The example below is the generic IdP metadata file published by SSO circle at https://idp.ssocircle.com/.
<EntityDescriptor entityID="http://idp.ssocircle.com">
<IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>X_509_certificate_value</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>X_509_certificate_value</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
<xenc:KeySize>128</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<ArtifactResolutionService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/ArtifactResolver/metaAlias/ssocircle"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/ssocircle"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/ssocircle"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/IDPSloSoap/metaAlias/ssocircle"/>
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/ssocircle"/>
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/IDPMniPOSTmetaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniPOST/metaAlias/ssocircle"/>
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/IDPMniSoap/metaAlias/ssocircle"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/ssocircle"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/ssocircle"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/SSOSoap/metaAlias/ssocircle"/>
<NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/NIMSoap/metaAlias/ssocircle"/>
</IDPSSODescriptor>
</EntityDescriptor>
Sample Metadata File: Service Provider
In the sample metadata file shown below, the Service Provider is using SSO Circle as the Identity Provider.
For the sake of readability, certificates have been removed from the example below, and have been replaced with placeholders.
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor ID="sp.ssocircle.com" entityID="sp.ssocircle.com" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>{x.509_Certificate_Goes_here}</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>lX7bFMxSlnKPAjs01aF7/cnArhDCvxumDJEkK/tUv+MaUNDe3iHlIRfZenZlAANRAmdbHQVu109h
Kg60xb/bpAJx/4iL7P7C1bVrKw1G3gaN8Hjm1+wNLV/uplDLbLYRYh1LuqETJKRt1kk4bLKvd6WO
O4u5+j7Te5ddEuMX4kU=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>{x.509_Certificate_Goes_here}</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>lX7bFMxSlnKPAjs01aF7/cnArhDCvxumDJEkK/tUv+MaUNDe3iHlIRfZenZlAANRAmdbHQVu109h
Kg60xb/bpAJx/4iL7P7C1bVrKw1G3gaN8Hjm1+wNLV/uplDLbLYRYh1LuqETJKRt1kk4bLKvd6WO
O4u5+j7Te5ddEuMX4kU=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://acmepaymentscorp.in/api/login/ssoLogin" index="0" isDefault="true" />
</md:SPSSODescriptor>
</md:EntityDescriptor></p>
Sample Artifact Resolve Request
The example below shows a sample artifact resolve request where HTTP Artifact is used as the binding for the SAML response.
<saml2p:ArtifactResolve Destination="https://inlvm10:9031/idp/ARS.ssaml2" ID="_44213af2e2143e460bbaab99c5f3d76c" IssueInstant="2014-10-20T09:55:15.783Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">sp.redirect.in</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_44213af2e2143e460bbaab99c5f3d76c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>YoYOhIrJ9sHFjdp88KsX2tLdwKc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>BZP86nT4Zlo0X9XAsA0TnGNLOWb+Bozoo351lsxK3KWb8Jd1OnrZ+x0dMQJwS+3NjCJzvP/3PYve
NXCv+qoM9SGM0mYj/AVNB9G4ssqiONT6GBp3S2QH47mzU68OS9S0uXEdbIJAoU7SSdRuNWX/o01H
C1pk25fPUTssLry28Jk=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICPzCCAaigAwIBAgIIT3bnFBcGuFIwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCSU4xCzAJ
BgNVBAgTAlRTMQwwCgYDVQQHEwNIWUQxDDAKBgNVBAoTA1NPQTERMA8GA1UECxMIUHJvZHVjdHMx
FzAVBgNVBAMTDnNwLnJlZGlyZWN0LmluMB4XDTE0MTAyMDA5NDU1OFoXDTE1MTAyMDA5NDU1OFow
YjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAlRTMQwwCgYDVQQHEwNIWUQxDDAKBgNVBAoTA1NPQTER
MA8GA1UECxMIUHJvZHVjdHMxFzAVBgNVBAMTDnNwLnJlZGlyZWN0LmluMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCrRsJmI1eRHRcMwjHUxytdC3wp79yKOg0U3Zx9bC3N6kSXPcYOlnd+KjIs
ChRG1mYldW1ahvmByGKM4aplI0Y2q3N2j91cDwJeGFd9b9tMnJHTWSDH8b1rAbF2zCQ45TDmJar+
FZefSzvtc3tOkt11Fc/AGhVOEsHDhP5p/QiySwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHUVlMhh
qYdT9gxqSRBE2ZdzCgCKdtT5QgihHoPH6Zsl/52OkIcOUIyHO5qZ1eXW9VsD79kmBtP6fYCJ07G3
hO7AzWRsEa+wp/Nts6D91IO+MKocGdMC7m8I1cY8ZmArbExK0NZa40Kl0/oXZbDem6td3+9udLt9
nQ3QR27abcti</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Artifact>AAQAANMHz4xHH5RgozwuezNtu6pBYWxe3CLwDN7V21DCQSXrkehzPZQr+zw=</saml2p:Artifact>
</saml2p:ArtifactResolve>
Sample Artifact Resolve Response
The example below shows a sample artifact resolve response where HTTP Artifact is used as the binding for the SAML response.
<samlp:ArtifactResponse Version="2.0" ID="Lr3PBW2qy02RJhUtnBS2Su1ER7G" IssueInstant="2014-10-20T09:54:19.499Z" InResponseTo="_44213af2e2143e460bbaab99c5f3d76c" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://inlvm10:9031</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<samlp:Response Version="2.0" ID="T3fgEsFwWAr_b8HThq1ps4i8Kju" IssueInstant="2014-10-20T09:54:18.106Z" InResponseTo="_822783897a4a2e30634b66803006b177">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://inlvm10:9031</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="ffOpZU94kDaPB9b5Iu7BrdHmpj6" IssueInstant="2014-10-20T09:54:18.110Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://inlvm10:9031</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#ffOpZU94kDaPB9b5Iu7BrdHmpj6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>GM/ZGCR/g7ls6yWNo5DngRE8vRw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>TooIGEF0OF9ZiSdUS+1l2VUB5UfLbOURKfb2csFshh/+kE6tUD1ITB5CWwMVPYxcxGKGNP+egak2
xB0KP4RGd9KAhP7iMW+XGydyaIWkIwZJW9wX9fV4tscXHREp1cqB6pEiFrqfS0gCb88cEhNVdiUB
lSRb/wvblELZNPloH5k=</ds:SignatureValue>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://inlvm10:9031" SPNameQualifier="sp.redirect.in">9518405DBA65D46B61D26C6302F885FD7018FB2C</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="http://example.com:9900/api/login/ssoLogin" NotOnOrAfter="2014-10-20T09:59:18.110Z" InResponseTo="_822783897a4a2e30634b66803006b177"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-10-20T09:49:18.110Z" NotOnOrAfter="2014-10-20T09:59:18.110Z">
<saml:AudienceRestriction>
<saml:Audience>sp.redirect.in</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="ffOpZU94kDaPB9b5Iu7BrdHmpj6" AuthnInstant="2014-10-20T09:54:18.110Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">jane.saoirse@example.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jane</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Saoirse</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
</samlp:ArtifactResponse>
Sample Assertion
The example below shows a sample SAML Assertion.
<samlp:Response Version="2.0" ID="hrYt69818r5Hy0Ybr3SL6u.UF22" IssueInstant="2014-10-20T09:49:53.729Z" InResponseTo="_feff8076a12bfacfbfd46528adc0f410" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://inlvm10:9031</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="CD7IMSINXAUryvW2-WNPkcaFDFd" IssueInstant="2014-10-20T09:49:53.732Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://inlvm10:9031</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#CD7IMSINXAUryvW2-WNPkcaFDFd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>F5S/9xcA7+zayq3ngJvCU9G5Wdg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>lS8M4EfwH687yjmg2UeVYL7R/GMFv1akSaKpUa54F9I30yV3XoEhOD/prei5wiIxJCyjTszjtExd
NX8L7SpMKreqDBYu2gXQZfbydLxR/ugk5SySh4ZP/teAXvUU6/Qu8Mu8s047lo2eeNogiBlVDEc6
QAJZ9qiRq8/XpOPYrq4=</ds:SignatureValue>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://inlvm10:9031" SPNameQualifier="sp.redirect.in">9518405DBA65D46B61D26C6302F885FD7018FB2C</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="http://example.com:9900/api/login/ssoLogin" NotOnOrAfter="2014-10-20T09:54:53.733Z" InResponseTo="_feff8076a12bfacfbfd46528adc0f410"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-10-20T09:44:53.733Z" NotOnOrAfter="2014-10-20T09:54:53.733Z">
<saml:AudienceRestriction>
<saml:Audience>sp.redirect.in</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="CD7IMSINXAUryvW2-WNPkcaFDFd" AuthnInstant="2014-10-20T09:49:53.732Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">jane.saoirse@example.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jane</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Saoirse</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
