Sample Requests, Responses, and Metadata

This section includes some samples to show you what requests, responses, and metadata files might look like.

Table of Contents

  1. Sample Request: HTTP POST
  2. Sample Request: HTTP Redirect
  3. Sample Response: HTTP POST
  4. Sample Response: HTTP Artifact
  5. Sample Metadata File: Identity Provider
  6. Sample Metadata File: Service Provider
  7. Sample Artifact Resolve Request
  8. Sample Artifact Resolve Response
  9. Sample Assertion

Sample Request: HTTP POST

The example below shows a sample HTTP POST request to SSO Circle.

Message Headers:
POST /sso/SSOPOST/metaAlias/ssocircle HTTP/1.1
Host: idp.ssocircle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0 openid
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://acmepaymentscorp.com/api/login/ssoLogin?domain=idp-ssocircle&finalUrl=http%3A//acmepaymentscorp.com/ui/apps/atmosphere/_Vws1VQerwdBCGnF95K5OMUw/resources/console/global/relyingpartypostlogin.html%3Fdynamic%3Dtrue%26baseUrl%3Dhttp%3A//acmepaymentscorp.com/atmosphere
Cookie: JSESSIONID=F26FD035748B3706D17B6C850791FF7A; JROUTE=C9en; __utma=161425727.1982119581.1415012088.1415012088.1415012088.1; __utmz=161425727.1415012088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94376260.2017885730.1415012227.1415219015.1415528046.3; __utmz=94376260.1415528046.3.3.utmccn=(referral)|utmcsr=acmepaymentscorp.com|utmcct=/api/login/ssoLogin|utmcmd=referral; amlbcookie=91; __utmc=94376260; SSOCSession=AQIC5wM2LY4SfcxadFb3_TBcJQ6riqn7BuqUW0J6UEm01IA.*AAJTSQACMDIAAlNLABM1NTkzMTEzNzk4NzA5NzQ1ODgwAAJTMQACMDE.*
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4284
Message Body:
SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwycDpBdXRoblJlcXVlc3QgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vYXRtb3NwaGVyZS5pbi9hcGkvbG9naW4vc3NvTG9naW4iIERlc3RpbmF0aW9uPSJodHRwczovL2lkcC5zc29jaXJjbGUuY29tOjQ0My9zc28vU1NPUE9TVC9tZXRhQWxpYXMvc3NvY2lyY2xlIiBGb3JjZUF1dGhuPSJmYWxzZSIgSUQ9Il84YmJkZTc2OTA4YzNiMmFhY2FkMDY1NmMzMzFkNDgzMiIgSXNQYXNzaXZlPSJmYWxzZSIgSXNzdWVJbnN0YW50PSIyMDE0LTExLTA5VDEyOjMyOjM2LjQ0MloiIFByb3RvY29sQmluZGluZz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmJpbmRpbmdzOkhUVFAtUE9TVCIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI%2BPHNhbWwyOklzc3VlciB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2Bc3Auc3NvY2lyY2xlLmNvbTwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgo8ZHM6UmVmZXJlbmNlIFVSST0iI184YmJkZTc2OTA4YzNiMmFhY2FkMDY1NmMzMzFkNDgzMiI%2BCjxkczpUcmFuc2Zvcm1zPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIIvPgo8L2RzOlRyYW5zZm9ybXM%2BCjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPgo8ZHM6RGlnZXN0VmFsdWU%2BRmkyMWZPZVBkQ3JHMnVqbkJjR2s0R1RLWUF3PTwvZHM6RGlnZXN0VmFsdWU%2BCjwvZHM6UmVmZXJlbmNlPgo8L2RzOlNpZ25lZEluZm8%2BCjxkczpTaWduYXR1cmVWYWx1ZT4KWE9lSWUwTjFySHhyWTlrNnZDWkYzVkM4eGV2T20rQXVpSktkOFkzUU84ZVc1U3NxdDJIazR3YllSeWJzNGpCK3MwFdtSVpwTW9TNwpPbmFpWWtSUVUxcW83S0x1QitvYWQ1dVJRYllqQ2x1NkswcjF2ZEFQdDhlN0lUYnF1TWFwbHZvMzI4RjB5cldRRVh0K0pwVENyM1BpCms2TXpxTmpRRkJMY3BGakNJQzQ9CjwvZHM6U2lnbmF0dXJlVmFsdWU%2BCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSURIekNDQWdlZ0F3SUJBZ0lDQStzd0RRWUpLb1pJaHZjTkFRRUZCUUF3Z2JneEN6QUpCZ05WQkFZVEFrbE9NUXN3Q1FZRFZRUUkKREFKVVV6RU1NQW9HQTFVRUJ3d0RTRmxFTVRjd05RWURWUVFLREM1VFQwRWdVMjltZEhkaGNtVWdSVzVuYVc1bFpYSnBibWNnU1c1awphV0VnVUhKcGRtRjBaU0JNYVcxcGRHVmtNUlF3RWdZRFZRUUxEQXRGYm1kcGJtVmxjbWx1WnpFL01EMEdBMVVFQXd3MlVHOXNhV041CklFMWhibUZuWlhJZ1EyVnlkR2xtYVdOaGRHVWdRWFYwYUc5eWFYUjVJQzBnUVVKVlNrRkhUMDVFUVMwMk5ETXdNQjRYRFRFME1URXcKTlRJd01qQXlNVm9YRFRFMU1URXdOVEl3TWpBeU1Wb3djREVMTUFrR0ExVUVCaE1DU1U0eEN6QUpCZ05WQkFnVEFsUlRNUXd3Q2dZRApWUVFIRXdOSVdVUXhGVEFUQmdOVkJBb1RERk5QUVNCVGIyWjBkMkZ5WlRFVU1CSUdBMVVFQ3hNTFJXNW5hVzVsWlhKcGJtY3hHVEFYCkJnTlZCQU1URUhOd0xuTnpiMk5wY21Oc1pTNWpiMjB3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQU1JR0pBb0dCQUpWKzJ4VE0KVXBaeWp3STdOTldoZS8zSndLNFF3cjhicGd5UkpDdjdWTC9qR2xEUTN0NGg1U0VYMlhwMlpRQURVUUpuV3gwRmJ0ZFBZU29PdE1XLwoyNlFDY2YrSWkreit3dFcxYXlzTlJ0NEdqZkI0NXRmc0RTMWY3cVpReTJ5MkVXSWRTN3FoRXlTa2JkWkpPR3l5cjNlbGpqdUx1Zm8rCjAzdVhYUkxqRitKRkFnTUJBQUV3RFFZSktvWklodmNOQVFFRkJRQURnZ0VCQUJ3MjF2NTgyNTZhdDhtTFRVcExWMEU3MlZ4OFJ2b0YKbjY3OGZsN0ltcm56Qlh6YmVralRWR1Frc2E3SkNuZVpqM3NFTTM0L0lnZW9DL3dtRUVyazh5REh6UjRJR3ZUUXdwcUVpT01JUFg5cQpqQ05zNHA0LzVndldvVU1nODdmM0dnb3JCQ1hYU3NZTUFCTzJHbGI1eSt4YkVtd2J5Ylhia1hIMVVsRDJ3a2pvN1VmQWVMVkRuT0RQCkpVSDRxc3hoakRvLzlJc0RKWk93ZnhmSXVhbHYvR2xzZkI3MzBvMkJibHVtYXp4UjE3bmh5Q2RpYnhxalZhQnVYRUJyc2wrSzZLeHcKTWZ0Vk82QXpFcklxVVZVR3FEL0lkcUVhWXBOWEFEbkIzTkhNclE3NmdnbmsrY2ZndDl4OXVHZzI4bi9WYm5HT1FUcEdLOVF0V1ZsVgpiZ3RBek1JPTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE%2BPGRzOktleVZhbHVlPjxkczpSU0FLZXlWYWx1ZT48ZHM6TW9kdWx1cz5sWDdiRk14U2xuS1BBanMwMWFGNy9jbkFyaERDdnh1bURKRWtLL3RVditNYVVORGUzaUhsSVJmWmVuWmxBQU5SQW1kYkhRVnUxMDloCktnNjB4Yi9icEFKeC80aUw3UDdDMWJWckt3MUczZ2FOOEhqbTErd05MVi91cGxETGJMWVJZaDFMdXFFVEpLUnQxa2s0YkxLdmQ2V08KTzR1NStqN1RlNWRkRXVNWDRrVT08L2RzOk1vZHVsdXM%2BPGRzOkV4cG9uZW50PkFRQUI8L2RzOkV4cG9uZW50PjwvZHM6UlNBS2V5VmFsdWU%2BPC9kczpLZXlWYWx1ZT48L2RzOktleUluZm8%2BPC9kczpTaWduYXR1cmU%2BPC9zYW1sMnA6QXV0aG5SZXF1ZXN0Pg%3D%3D&RelayState=Iw0KI1N1biBOb3YgMDkgMTg6MDI6MzYgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo%3D

Back to top

Sample Request: HTTP Redirect

The example below shows a sample HTTP Redirect request to SSO Circle.

GET /sso/SSORedirect/metaAlias/ssocircle?SAMLRequest=nVbZkqrIFn33Kyo8j0YVg%2BAUp6ojGUQQUEbRlxsMCaJMkiDo1zdqVZ06Fd19%2B943Mtl75dpr7dzw8482TZ7OsERxnr32iRe8%2FwQzPw%2FiLHrtW%2Bb8edL%2F4633E7lpQhYzUFf7TIenGqLqCSAEy6rLY%2FMM1SksDVieYx9auvza31dVMcMwt0pzVOxhCV%2FiDHOLGEvyqHtCKJdvD%2F0nroOKM7e6n3%2FLQl1aHBQvXYgfl34CX%2Fw8nVHU8JaEGcZKh0FcQr%2FCUli5IIldhH3G9p%2FmeenDO8%2FXfugmqNsSudf%2Bf6Yjn4QT2p%2B4FOURFOlRY5%2BgCHI0hpTrDaddGFq7CMVn%2BCsRoRqKGarcrHrtkzhBPRPEMz41CXJGTWdD%2BmU0nu76T%2Bsyr3I%2FT5g4ewhXl9ksd1GMZpmbQjSr%2FJkBFHlGvuAz7xGEZgvTXD%2BDTsHQ9av%2Bk%2F1hAnkzobMlQ7OH7P%2BMV7wf3n97uDS7sy6%2FIvwzgPvhY%2F8NfZP9J%2FYV8u1ngGZGHHVu1SV8PyBAn2Y3TfPSDF%2FyMsJIHMcxfIp1MQGKox%2F9rofek2EgZmH%2BWLNulmex7ybx9d4BCqz2efAEkigv42qf%2Fg00gRH4DfoZtv5z52L2o4%2F9OuDO7l8i%2FUayRO4z2rvEB5gOw65xMx8%2BWbr42v%2Fx33vokWeWbobCvEzRt%2FX%2FRgdmZ5jkBQye0UdVH8z%2BPeLfSIX9BU0ujrq7%2BP8I91W0B4rtJjV8O08nzCHT2ilc5M6I9y%2BHXWBwrLxolNc7ha%2FBD1Kfmr%2Bvv3fMp8HvSUfpsGFDa%2BGJwNw0mzaISrOogZSNDuuQrq3TZT5VXeo4rwdROjxf5RrT9tx8u%2BY35uI0dd0GL4VkSm1O3rWn6Ef%2BKkbWDoBIE%2F0dqNQNKubE2QQSw1iTUpnw3GDQbvfXNeHEZJ3TC%2BvoLZG8ZQdlDOlmDXXULMPwLPXCjMhdwtdHcjkYDoajBca%2F%2Fqrpaw23upbwci%2Fy9uzQ%2BJRzK%2Fdzwd7uZ9jdkwq%2BKaLILa4sCyIYgUZkQCSyYIAaTttKy3wn7s%2B%2BCjR%2BzmigibyoZa8d90i1GbA1wTFZKRpqWG3L2Zom9jggWdaVVxSQC4CweKZpOGOe8IrpN%2BojaMmxtGnifGSR0zRYBHs%2FtSJ9Q2fuhk52jlR4qR8ZG%2FrYczdd0EIqgnSO7wxGcTdEEQj2UdG1ho%2FuYDIHqrmXBl2SnfhpUu%2BuPKZw%2BP1w0DSkJUyRu1HpnsgTey%2BdZztHjDTSvgRCknYv9oFgRZpj464wvbiOTossHmmWZBvH%2BcLEaV4zcFLllEZhKIczeVwx%2BaanmmKjHMBFsfPbJnHb%2FLLX%2BBwvK%2BD4kGCvsIZFfdEtMkGim4rWNGxXRa8rY9GlixtLa%2BcmMB9BucnN1bVmMKZH7vCAnF92Jm8pjHgHZVtF%2FqZZK5jA6T2SOz4LtZEz9eqRauGnKtoZ9MEj8SbaTb47y3TOctEWB4ooSJ1vDJDsAdmaSs8qdpdDI45VdbOH2FBqlpTWlBOviC66xJ7HtowdhITThhW1pw3eIZ2C3HVgliZlmxafe1Ww3hr5qlI2WI8caawfDsR4cB001YZwL0jVK0o4hAxFVyHiDCIcn3bahbyQ%2FEYMjPFpz1%2BMoxfspJVwuZRDmBwOtVyH%2BaCHD2vH0eXDfCDNQaQwAPB%2F1bBcFPEMYBqSONMTkh651SSVTauQbZwfk3Y70c%2F5vJeNxpMwGYtpmV0Z5%2BrB48G0Be2I3LHEZnB3GCJeGVKYGMGcxZqU58vj5NJdGp0ShbOpNcWJj1eKuHamp96BVRFVUBgdnTe5pUSTcTgUutHHsI5joK0CmBUpJB59GbQenzbexXO8o7MgrIQjm%2BMhH1shgLLNZStu3ZOsBXVC7f7A5dhURJy0WzVhG4q1m5wxIUEhMx7iOcl4SZ2611Ynxtn%2Bwgax154OtsvUDs%2BUKBksR8u26SlhZa9G4MqX4smyLeHEYWJw4t1toTqAy5ihulBKbTyKouw48MOomrbTWojISYbZXiasNLMQllOt2tiJ3fOiClwV8TF1v4%2BUz83PodNNo8dsun8GDfDbWsmDOqnRW%2BKMvbnSGkm2XIMDwgl3Psb8DJR7jj23dcpJ%2FHGJVdZ5oLiWysFhvEhEPdzBbJcAoOogDbyFZtcEPt33ltEIbz3MK4DUYlQsj9djlvDsctkQwjBy1cnikBKDRpVtrC4STvbkrb7dE3J94k1pqVfE8Uh58vIcjDar3oqq6cFhbEI6CPhacaij9aj8g%2FqtDL4t8gxm1RvQAHN%2F%2B7nz%2BBJ9LRv7TRTs68D%2BbaK%2Fvf8x%2Ff6r%2FPYn
&RelayState=Iw0KI1N1biBOb3YgMDkgMTg6MTk6MzUgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo=
&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
&Signature=QAJ6BU5zuIytWuTEdwqw%2BI9uSm3QVgo9n1REX7FqLkXo%2BpH%2BDIdy4XheIkytyaDfnnDcVcOH7vQCSw4DbzdH30Unmg%2BEqjbUTbcPvgyJvv%2FKKBS%2FxyYDKNDyqTyUYq1ao%2Fspa3rtmZixki00VuUYo7PrZzjrGjHMyQ6ycfxsMDo%3D HTTP/1.1
Host: idp.ssocircle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 openid
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://acmepaymentscorp.com/atmosphere/
Cookie: JSESSIONID=F26FD035748B3706D17B6C850791FF7A; JROUTE=C9en; __utma=161425727.1982119581.1415012088.1415012088.1415012088.1; __utmz=161425727.1415012088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94376260.2017885730.1415012227.1415219015.1415528046.3; __utmz=94376260.1415528046.3.3.utmccn=(referral)|utmcsr=acmepaymentscorp.com|utmcct=/api/login/ssoLogin|utmcmd=referral; amlbcookie=91; SSOCSession=AQIC5wM2LY4SfcxadFb3_TBcJQ6riqn7BuqUW0J6UEm01IA.*AAJTSQACMDIAAlNLABM1NTkzMTEzNzk4NzA5NzQ1ODgwAAJTMQACMDE.*
Connection: keep-alive

Back to top

Sample Response: HTTP POST

The example below shows a sample HTTP POST response from SSO Circle.

Message Headers:
POST /api/login/ssoLogin HTTP/1.1
Host: acmepaymentscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID_platform=1h2mr9mg0ik1n8dxmliqmh2tf
Content-Type: application/x-www-form-urlencoded
Content-Length: 6741
Message Body:
SAMLResponse=PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6%0D%0AcHJvdG9jb2wiIElEPSJzMmZkMjEzNjIyZWIyOTI0ZDdmYTg1ODg2MjYzNzVmOTM1MDJjMDFhZTAi%0D%0AIEluUmVzcG9uc2VUbz0iXzhiYmRlNzY5MDhjM2IyYWFjYWQwNjU2YzMzMWQ0ODMyIiBWZXJzaW9u%0D%0APSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0xMS0wOVQxMjozMjozN1oiIERlc3RpbmF0aW9uPSJo%0D%0AdHRwOi8vYXRtb3NwaGVyZS5pbi9hcGkvbG9naW4vc3NvTG9naW4iPjxzYW1sOklzc3VlciB4bWxu%0D%0AczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vaWRw%0D%0ALnNzb2NpcmNsZS5jb208L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXMgeG1sbnM6c2FtbHA9InVy%0D%0AbjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI%2BCjxzYW1scDpTdGF0dXNDb2RlICB4%0D%0AbWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIgpWYWx1ZT0i%0D%0AdXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIj4KPC9zYW1scDpTdGF0%0D%0AdXNDb2RlPgo8L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9h%0D%0Ac2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InMyMTJhNTI3ODJiYjM1Y2E0NTZk%0D%0ANGFmNzViYTc3NTkzZGMwZTc0ZTA0YSIgSXNzdWVJbnN0YW50PSIyMDE0LTExLTA5VDEyOjMyOjM3%0D%0AWiIgVmVyc2lvbj0iMi4wIj4KPHNhbWw6SXNzdWVyPmh0dHA6Ly9pZHAuc3NvY2lyY2xlLmNvbTwv%0D%0Ac2FtbDpJc3N1ZXI%2BPGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAw%0D%0AMC8wOS94bWxkc2lnIyI%2BCjxkczpTaWduZWRJbmZvPgo8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhv%0D%0AZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8%0D%0AZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94%0D%0AbWxkc2lnI3JzYS1zaGExIi8%2BCjxkczpSZWZlcmVuY2UgVVJJPSIjczIxMmE1Mjc4MmJiMzVjYTQ1%0D%0ANmQ0YWY3NWJhNzc1OTNkYzBlNzRlMDRhIj4KPGRzOlRyYW5zZm9ybXM%2BCjxkczpUcmFuc2Zvcm0g%0D%0AQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNp%0D%0AZ25hdHVyZSIvPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw%0D%0AMS8xMC94bWwtZXhjLWMxNG4jIi8%2BCjwvZHM6VHJhbnNmb3Jtcz4KPGRzOkRpZ2VzdE1ldGhvZCBB%0D%0AbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8%2BCjxkczpE%0D%0AaWdlc3RWYWx1ZT5ZVTY5V0ppNjZudDROL2dkMExJL016TlVRUUk9PC9kczpEaWdlc3RWYWx1ZT4K%0D%0APC9kczpSZWZlcmVuY2U%2BCjwvZHM6U2lnbmVkSW5mbz4KPGRzOlNpZ25hdHVyZVZhbHVlPgphbUhN%0D%0AMjg1ZTcrWkxwOXZxejdabkk0WGV4L2EybU1tcE55YVdwRGpQbGFXY3N0OGhOdVRPVlVGd3hxQ2NO%0D%0AV0xWTzBCVHJKZTVpelhOCndIT3NmWS9DT1RqWTlqcnZPQ3hSR0pxakg0Z1pqU3p5clBYYlVPNGdu%0D%0AcDhoanlvbm80TG5QTm1rR0l0Nk1QU1pGNnY0NE1qUE05N3AKZW14TldIZGtaeFVFTGZ4KzRSTT0K%0D%0APC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8%2BCjxkczpYNTA5RGF0YT4KPGRzOlg1MDlD%0D%0AZXJ0aWZpY2F0ZT4KTUlJQ2pEQ0NBWFNnQXdJQkFnSUZBSlJ2eGNNd0RRWUpLb1pJaHZjTkFRRUVC%0D%0AUUF3TGpFTE1Ba0dBMVVFQmhNQ1JFVXhFakFRQmdOVgpCQW9UQ1ZOVFQwTnBjbU5zWlRFTE1Ba0dB%0D%0AMVVFQXhNQ1EwRXdIaGNOTVRFd05URTNNVGsxTnpJeFdoY05NVFl3T0RFM01UazFOekl4CldqQkxN%0D%0AUXN3Q1FZRFZRUUdFd0pFUlRFU01CQUdBMVVFQ2hNSlUxTlBRMmx5WTJ4bE1Rd3dDZ1lEVlFRTEV3%0D%0ATnBaSEF4R2pBWUJnTlYKQkFNVEVXbGtjQzV6YzI5amFYSmpiR1V1WTI5dE1JR2ZNQTBHQ1NxR1NJ%0D%0AYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ2J6RFJrdWRDLwphQzJnTXFSVlZhTGRQSkpFd3BGQjRv%0D%0ANzFmUjVibk5kMm9jbm5OekovVzlDb0Nhcmd6S3grRUo0Tm0zdldtWC9JWlJDRnZydnk5Qzc4CmZQ%0D%0AMWNtdDZTYTA5MUs5bHVhTUF5V243b0M4aC9ZQlhIN3JCNDJ0ZHZXTFk0S2w5Vkp5NlVDY2x2YXN5%0D%0AcmZLeCtTUjRLVTZ6Q3NNNjIKMkt2cDV3VzY3UUlEQVFBQm94Z3dGakFVQmdsZ2hrZ0JodmhDQVFF%0D%0AQkFmOEVCQU1DQkhBd0RRWUpLb1pJaHZjTkFRRUVCUUFEZ2dFQgpBSjBoZXVhN21GTzNRc3pkR3Ux%0D%0ATmJsR2FURFh0ZjZUeHRlMHpwWUl0KzhZVWN6YTJTYVpYWHZDTGI5RHZHeFcxVEpXYVpwUEdwSHo1%0D%0ACnRMWEpiZFlRbjd4VEFuTDR5UU9LTjZ1TnFVQS9hVFZneXlVSmtXWnQyZ2l3RXNXVXZHMFVCTVNQ%0D%0AUzF0cDJwVjJjNi9vbEljYmRZVTYKWmVjVXo2TjI0c1NTN2l0RUJDNm53Q1ZCb0hPTDh1Nk1zZnhN%0D%0ATER6SklQQkk2OFVaanozSU1LVERVRHY2VTlEdFltWExjOGlNVlpCbgpjWUpuOU5nTmkzZ2hsOWZZ%0D%0AUHBIY2M2UWJYZURVamhkelhYVXFHK2hCNkZhYkdxZFRka0lad29pNGdOcHlyM2thY0tSVldKc3NE%0D%0AZ2FrCmVMMk1vRE5xSnlRMGZYQzZaZTNmNzlDS3kvV2plVTVGTHdEWlIwUT0KPC9kczpYNTA5Q2Vy%0D%0AdGlmaWNhdGU%2BCjwvZHM6WDUwOURhdGE%2BCjwvZHM6S2V5SW5mbz4KPC9kczpTaWduYXR1cmU%2BPHNh%0D%0AbWw6U3ViamVjdD4KPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6%0D%0AMi4wOm5hbWVpZC1mb3JtYXQ6cGVyc2lzdGVudCIgTmFtZVF1YWxpZmllcj0iaHR0cDovL2lkcC5z%0D%0Ac29jaXJjbGUuY29tIj5lTVVKK01wbENKRjYwSXBXUG5tUnhmbjN3bUhuPC9zYW1sOk5hbWVJRD48%0D%0Ac2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6%0D%0AMi4wOmNtOmJlYXJlciI%2BCjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VU%0D%0Abz0iXzhiYmRlNzY5MDhjM2IyYWFjYWQwNjU2YzMzMWQ0ODMyIiBOb3RPbk9yQWZ0ZXI9IjIwMTQt%0D%0AMTEtMDlUMTI6NDI6MzdaIiBSZWNpcGllbnQ9Imh0dHA6Ly9hdG1vc3BoZXJlLmluL2FwaS9sb2dp%0D%0Abi9zc29Mb2dpbiIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPgo8L3NhbWw6U3ViamVjdD48%0D%0Ac2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0xMS0wOVQxMjoyMjozN1oiIE5vdE9uT3JB%0D%0AZnRlcj0iMjAxNC0xMS0wOVQxMjo0MjozN1oiPgo8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPgo8%0D%0Ac2FtbDpBdWRpZW5jZT5zcC5zc29jaXJjbGUuY29tPC9zYW1sOkF1ZGllbmNlPgo8L3NhbWw6QXVk%0D%0AaWVuY2VSZXN0cmljdGlvbj4KPC9zYW1sOkNvbmRpdGlvbnM%2BCjxzYW1sOkF1dGhuU3RhdGVtZW50%0D%0AIEF1dGhuSW5zdGFudD0iMjAxNC0xMS0wOVQxMDoxNDoxM1oiIFNlc3Npb25JbmRleD0iczI5NDhi%0D%0AMGU1NjY0YmVlNTJmMzE0NmI4ZDg1YjM0ZmUyOGEzYTc2MzAxIj48c2FtbDpBdXRobkNvbnRleHQ%2B%0D%0APHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY%2BdXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFj%0D%0AOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xh%0D%0Ac3NSZWY%2BPC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ%2BPHNhbWw6QXR0%0D%0AcmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJFbWFpbEFkZHJlc3MiPjxzYW1s%0D%0AOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVt%0D%0AYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIg%0D%0AeHNpOnR5cGU9InhzOnN0cmluZyI%2BYmFuaWwuY2JpdEBnbWFpbC5jb208L3NhbWw6QXR0cmlidXRl%0D%0AVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iRmlyc3ROYW1lIj48%0D%0Ac2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxT%0D%0AY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFu%0D%0AY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFuaWw8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1s%0D%0AOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iTGFzdE5hbWUiPjxzYW1sOkF0dHJpYnV0%0D%0AZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6%0D%0AeHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9%0D%0AInhzOnN0cmluZyI%2BQnVqYWdvbmRhPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1%0D%0AdGU%2BPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVz%0D%0AcG9uc2U%2B
&RelayState=Iw0KI1N1biBOb3YgMDkgMTg6MDI6MzYgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo%3D

Back to top

Sample Response: HTTP Artifact

The example below shows a sample HTTP Artifact response from SSO Circle.
GET /api/login/ssoLogin?SAMLart=AAQAALN%2Bk3vq4G80Xko1XPLwwxsvPbU%2F0k5pJmYcpWTJarjtzdkp9Q2yMDE%3D
&RelayState=Iw0KI1N1biBOb3YgMDkgMTg6NDA6MzEgSVNUIDIwMTQNCmZpbmFsVXJsPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi91aS9hcHBzL2F0bW9zcGhlcmUvX1Z3czFWUWVyd2RCQ0duRjk1SzVPTVV3L3Jlc291cmNlcy9jb25zb2xlL2dsb2JhbC9yZWx5aW5ncGFydHlwb3N0bG9naW4uaHRtbD9keW5hbWljXD10cnVlJmJhc2VVcmxcPWh0dHBcOi8vYXRtb3NwaGVyZS5pbi9hdG1vc3BoZXJlDQpzc29SZXRyeUNvdW50PTANCmRvbWFpbj1pZHAtc3NvY2lyY2xlDQo%3D HTTP/1.1
Host: acmepaymentscorp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://acmepaymentscorp.com/atmosphere/
Cookie: JSESSIONID_platform=1fjtfzek7t4vk2w6thha0481g;

Back to top

Sample Metadata File: Identity Provider

The example below is the generic IdP metadata file published by SSO circle at https://idp.ssocircle.com/.

<EntityDescriptor entityID="http://idp.ssocircle.com">
  <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>X_509_certificate_value</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <ds:KeyInfo>
        <ds:X509Data>
        <ds:X509Certificate>X_509_certificate_value</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
        <xenc:KeySize>128</xenc:KeySize>
      </EncryptionMethod>
    </KeyDescriptor>
    <ArtifactResolutionService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/ArtifactResolver/metaAlias/ssocircle"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/ssocircle"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/ssocircle"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/IDPSloSoap/metaAlias/ssocircle"/>
    <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/ssocircle"/>
    <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/IDPMniPOSTmetaAlias/ssocircle" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniPOST/metaAlias/ssocircle"/>
    <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/IDPMniSoap/metaAlias/ssocircle"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/ssocircle"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/ssocircle"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/SSOSoap/metaAlias/ssocircle"/>
    <NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/NIMSoap/metaAlias/ssocircle"/>
  </IDPSSODescriptor>
</EntityDescriptor>

Back to top

Sample Metadata File: Service Provider

In the sample metadata file shown below, the Service Provider is using SSO Circle as the Identity Provider.

For the sake of readability, certificates have been removed from the example below, and have been replaced with placeholders.

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor ID="sp.ssocircle.com" entityID="sp.ssocircle.com" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>{x.509_Certificate_Goes_here}</ds:X509Certificate>
        </ds:X509Data>
        <ds:KeyValue>
          <ds:RSAKeyValue>
            <ds:Modulus>lX7bFMxSlnKPAjs01aF7/cnArhDCvxumDJEkK/tUv+MaUNDe3iHlIRfZenZlAANRAmdbHQVu109h
Kg60xb/bpAJx/4iL7P7C1bVrKw1G3gaN8Hjm1+wNLV/uplDLbLYRYh1LuqETJKRt1kk4bLKvd6WO
O4u5+j7Te5ddEuMX4kU=</ds:Modulus>
            <ds:Exponent>AQAB</ds:Exponent>
          </ds:RSAKeyValue>
        </ds:KeyValue>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>{x.509_Certificate_Goes_here}</ds:X509Certificate>
        </ds:X509Data>
        <ds:KeyValue>
          <ds:RSAKeyValue>
            <ds:Modulus>lX7bFMxSlnKPAjs01aF7/cnArhDCvxumDJEkK/tUv+MaUNDe3iHlIRfZenZlAANRAmdbHQVu109h
Kg60xb/bpAJx/4iL7P7C1bVrKw1G3gaN8Hjm1+wNLV/uplDLbLYRYh1LuqETJKRt1kk4bLKvd6WO
O4u5+j7Te5ddEuMX4kU=</ds:Modulus>
            <ds:Exponent>AQAB</ds:Exponent>
          </ds:RSAKeyValue>
        </ds:KeyValue>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://acmepaymentscorp.in/api/login/ssoLogin" index="0" isDefault="true" />
  </md:SPSSODescriptor>
</md:EntityDescriptor></p>

Back to top

Sample Artifact Resolve Request

The example below shows a sample artifact resolve request where HTTP Artifact is used as the binding for the SAML response.

<saml2p:ArtifactResolve Destination="https://inlvm10:9031/idp/ARS.ssaml2" ID="_44213af2e2143e460bbaab99c5f3d76c" IssueInstant="2014-10-20T09:55:15.783Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">sp.redirect.in</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_44213af2e2143e460bbaab99c5f3d76c">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>YoYOhIrJ9sHFjdp88KsX2tLdwKc=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>BZP86nT4Zlo0X9XAsA0TnGNLOWb+Bozoo351lsxK3KWb8Jd1OnrZ+x0dMQJwS+3NjCJzvP/3PYve
NXCv+qoM9SGM0mYj/AVNB9G4ssqiONT6GBp3S2QH47mzU68OS9S0uXEdbIJAoU7SSdRuNWX/o01H
C1pk25fPUTssLry28Jk=</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>MIICPzCCAaigAwIBAgIIT3bnFBcGuFIwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCSU4xCzAJ
BgNVBAgTAlRTMQwwCgYDVQQHEwNIWUQxDDAKBgNVBAoTA1NPQTERMA8GA1UECxMIUHJvZHVjdHMx
FzAVBgNVBAMTDnNwLnJlZGlyZWN0LmluMB4XDTE0MTAyMDA5NDU1OFoXDTE1MTAyMDA5NDU1OFow
YjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAlRTMQwwCgYDVQQHEwNIWUQxDDAKBgNVBAoTA1NPQTER
MA8GA1UECxMIUHJvZHVjdHMxFzAVBgNVBAMTDnNwLnJlZGlyZWN0LmluMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCrRsJmI1eRHRcMwjHUxytdC3wp79yKOg0U3Zx9bC3N6kSXPcYOlnd+KjIs
ChRG1mYldW1ahvmByGKM4aplI0Y2q3N2j91cDwJeGFd9b9tMnJHTWSDH8b1rAbF2zCQ45TDmJar+
FZefSzvtc3tOkt11Fc/AGhVOEsHDhP5p/QiySwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHUVlMhh
qYdT9gxqSRBE2ZdzCgCKdtT5QgihHoPH6Zsl/52OkIcOUIyHO5qZ1eXW9VsD79kmBtP6fYCJ07G3
hO7AzWRsEa+wp/Nts6D91IO+MKocGdMC7m8I1cY8ZmArbExK0NZa40Kl0/oXZbDem6td3+9udLt9
nQ3QR27abcti</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <saml2p:Artifact>AAQAANMHz4xHH5RgozwuezNtu6pBYWxe3CLwDN7V21DCQSXrkehzPZQr+zw=</saml2p:Artifact>
</saml2p:ArtifactResolve>

Back to top

Sample Artifact Resolve Response

The example below shows a sample artifact resolve response where HTTP Artifact is used as the binding for the SAML response.

<samlp:ArtifactResponse Version="2.0" ID="Lr3PBW2qy02RJhUtnBS2Su1ER7G" IssueInstant="2014-10-20T09:54:18.499Z" InResponseTo="_44213af2e2143e460bbaab99c5f3d76c" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://inlvm10:9031</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <samlp:Response Version="2.0" ID="T3fgEsFwWAr_b8HThq1ps4i8Kju" IssueInstant="2014-10-20T09:54:18.106Z" InResponseTo="_822783897a4a2e30634b66803006b177">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://inlvm10:9031</saml:Issuer>
    <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion ID="ffOpZU94kDaPB9b5Iu7BrdHmpj6" IssueInstant="2014-10-20T09:54:18.110Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml:Issuer>https://inlvm10:9031</saml:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#ffOpZU94kDaPB9b5Iu7BrdHmpj6">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>GM/ZGCR/g7ls6yWNo5DngRE8vRw=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>TooIGEF0OF9ZiSdUS+1l2VUB5UfLbOURKfb2csFshh/+kE6tUD1ITB5CWwMVPYxcxGKGNP+egak2
xB0KP4RGd9KAhP7iMW+XGydyaIWkIwZJW9wX9fV4tscXHREp1cqB6pEiFrqfS0gCb88cEhNVdiUB
lSRb/wvblELZNPloH5k=</ds:SignatureValue>
      </ds:Signature>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://inlvm10:9031" SPNameQualifier="sp.redirect.in">9518405DBA65D46B61D26C6302F885FD7018FB2C</saml:NameID>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <saml:SubjectConfirmationData Recipient="http://example.com:9900/api/login/ssoLogin" NotOnOrAfter="2014-10-20T09:59:18.110Z" InResponseTo="_822783897a4a2e30634b66803006b177"/>
        </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotBefore="2014-10-20T09:49:18.110Z" NotOnOrAfter="2014-10-20T09:59:18.110Z">
        <saml:AudienceRestriction>
          <saml:Audience>sp.redirect.in</saml:Audience>
        </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement SessionIndex="ffOpZU94kDaPB9b5Iu7BrdHmpj6" AuthnInstant="2014-10-20T09:54:18.110Z">
        <saml:AuthnContext>
          <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
        </saml:AuthnContext>
      </saml:AuthnStatement>
      <saml:AttributeStatement>
        <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
          <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">jane.saoirse@example.com</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
          <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jane</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
          <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Saoirse</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
  </samlp:Response>
</samlp:ArtifactResponse>

Back to top

Sample Assertion

The example below shows a sample SAML Assertion.

<samlp:Response Version="2.0" ID="hrYt69818r5Hy0Ybr3SL6u.UF22" IssueInstant="2014-10-20T09:49:53.729Z" InResponseTo="_feff8076a12bfacfbfd46528adc0f410" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://inlvm10:9031</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="CD7IMSINXAUryvW2-WNPkcaFDFd" IssueInstant="2014-10-20T09:49:53.732Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Issuer>https://inlvm10:9031</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#CD7IMSINXAUryvW2-WNPkcaFDFd">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>F5S/9xcA7+zayq3ngJvCU9G5Wdg=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>lS8M4EfwH687yjmg2UeVYL7R/GMFv1akSaKpUa54F9I30yV3XoEhOD/prei5wiIxJCyjTszjtExd
NX8L7SpMKreqDBYu2gXQZfbydLxR/ugk5SySh4ZP/teAXvUU6/Qu8Mu8s047lo2eeNogiBlVDEc6
QAJZ9qiRq8/XpOPYrq4=</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://inlvm10:9031" SPNameQualifier="sp.redirect.in">9518405DBA65D46B61D26C6302F885FD7018FB2C</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="http://example.com:9900/api/login/ssoLogin" NotOnOrAfter="2014-10-20T09:54:53.733Z" InResponseTo="_feff8076a12bfacfbfd46528adc0f410"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2014-10-20T09:44:53.733Z" NotOnOrAfter="2014-10-20T09:54:53.733Z">
      <saml:AudienceRestriction>
        <saml:Audience>sp.redirect.in</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement SessionIndex="CD7IMSINXAUryvW2-WNPkcaFDFd" AuthnInstant="2014-10-20T09:49:53.732Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">jane.saoirse@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Saoirse</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>

Back to top