SAML & Single Sign-On
by S. Srivatsa Sivan 


Listing One
GET http://www.portal.com 
HTTP 1.0
<other HTTP components >

Listing Two
HTTP 1.0 200 OK
Content-type : text/html
Content-Length : nnnn
<form>
  <...Login form...>
</form>
<other HTTP components >

Listing Three
POST http://www.portal.com 
HTTP 1.0
<form>
    <username=...... >
    <password=.......>
</form>
<other HTTP components >


Listing Four
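<html>
  <body>
  <....other html components... >
    <!-- The href is quoted and kept on one line: unquoted and split across
         lines, the value would end at the "?" and serviceURL would be parsed
         as a separate attribute.
         AssertionCreator takes the destination site from the serviceURL
         query parameter. The portal should accept only destinations that are
         registered partner sites; otherwise an artifact could be handed to a
         site the portal does not trust.
         The links in this walkthrough use plain http. Credentials and
         artifacts travel in these requests, so a deployment needs TLS. -->
    <a href="http://www.portal.com/AssertionCreator?serviceURL=www.greetings.com">
Greetings Service
    </a>
        <a href= other services url > Other Services </a>
</body>
</html>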

Listing Five
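<!-- Authentication assertion issued by the portal for the Greetings service.
     No ds:Signature is present in this listing, so a relying site can accept
     it only over a channel that authenticates the issuer and protects
     integrity. -->
<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    AssertionID="VN5zxvNB+vtelx5uiOdbKHtVmH+u"
    IssueInstant="2002-12-20T06:39:36Z"
    Issuer="http://www.portal.com"
    MajorVersion="1"
    MinorVersion="0">
  <!-- Validity window of roughly half a minute. The relying site must reject
       the assertion outside this window; a short window limits replay.
       NotOnOrAfter must be a complete xs:dateTime, so the day is written
       as 20 to match the other timestamps in the assertion. -->
  <saml:Conditions NotBefore="2002-12-20T06:39:35Z"
                   NotOnOrAfter="2002-12-20T06:40:06Z">
    <!-- The relying site must find its own identifier here; if it does not,
         the assertion was issued for a different service. -->
    <saml:AudienceRestrictionCondition>
      <saml:Audience>http://www.greetings.com</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <!-- AuthenticationMethod is URI-typed in the SAML 1.0 schema; the identifier
       the specification defines for password login is
       urn:oasis:names:tc:SAML:1.0:am:password. The author's shorthand value
       is kept here. -->
  <saml:AuthenticationStatement AuthenticationMethod="Password"
                                AuthenticationInstant="2002-12-20T06:39:36Z">
    <saml:Subject>
      <saml:NameIdentifier>Customer'sLoginName</saml:NameIdentifier>
      <!-- Marks the assertion as one obtained through the artifact profile. -->
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact-01</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>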

Listing Six
GET http://www.greetings.com?SAMLart=<AssertionArtifact>
HTTP 1.0
<other http 1.0 components >

Listing Seven
POST  www.portal.com  HTTP1.0
Host: www.greetings.com
Content-type : text/xml
Content-length : nnnn
SOAPAction : http://www.oasis-open.org/committees/security
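<soap-env:Envelope
    xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Header/>
  <soap-env:Body>
    <!-- Back-channel request: the destination site exchanges the artifact it
         received through the browser for the assertion held by the portal.
         The saml prefix is declared here because the RespondWith value is a
         QName that uses it. -->
    <samlp:Request
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        IssueInstant="2002-12-20T06:39:40Z"
        MajorVersion="1"
        MinorVersion="0"
        RequestID="0PSbtwzxi03kwCGWhi/wCwN8JMBU">
      <!-- Child order follows the SAML 1.0 protocol schema: RespondWith,
           then ds:Signature, then the artifact. -->
      <samlp:RespondWith>saml:AuthenticationStatement</samlp:RespondWith>
      <!-- Before releasing the assertion the portal should verify this
           signature and confirm that the requester is the site the artifact
           was issued for. -->
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
[Digital Signature Elements]
      </ds:Signature>
      <!-- An artifact is meant to be redeemed once. The portal should
           invalidate it after the first lookup and expire unused artifacts
           quickly. The value is kept on one line so that no layout
           whitespace becomes part of it. -->
      <samlp:AssertionArtifact>AAP5E18Eyd5Sm2ixiXrk9kaZ92HwMBtedSjAOqZlDqPsRp4NNNwW0R/h</samlp:AssertionArtifact>
    </samlp:Request>
  </soap-env:Body>
</soap-env:Envelope>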

Listing Eight
HTTP/1.0 200 OK
Content-type : text/xml
Content-Length : nnn
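<soap-env:Envelope
    xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Header/>
  <soap-env:Body>
    <!-- Portal's answer to the artifact lookup. Before creating a session the
         receiving site should check that InResponseTo equals the RequestID it
         sent, that Recipient is its own URL, and that the status is Success.
         No ds:Signature appears in this listing, so the SOAP channel itself
         has to authenticate the portal and protect the message.
         The sample IssueInstant is earlier than the one on the request in
         Listing Seven; the timestamps are illustrative only. -->
    <samlp:Response
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        InResponseTo="0PSbtwzxi03kwCGWhi/wCwN8JMBU"
        IssueInstant="2002-12-20T06:39:36Z"
        MajorVersion="1"
        MinorVersion="0"
        Recipient="http://www.greetings.com"
        ResponseID="t0isXqwoUc40E0XVnL5/BtZo6y2Y">
      <!-- The SAML 1.0 protocol schema places Status ahead of any Assertion. -->
      <samlp:Status>
        <samlp:StatusCode Value="samlp:Success"/>
      </samlp:Status>
      <saml:Assertion
          xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          AssertionID="VN5zxvNB+vtelx5uiOdbKHtVmH+u"
          IssueInstant="2002-12-20T06:39:36Z"
          Issuer="http://www.portal.com"
          MajorVersion="1"
          MinorVersion="0">
        <!-- The receiver must enforce this window and reject the assertion
             outside it. NotOnOrAfter must be a complete xs:dateTime, so the
             day is written as 20 to match the other timestamps. -->
        <saml:Conditions NotBefore="2002-12-20T06:39:35Z"
                         NotOnOrAfter="2002-12-20T06:40:06Z">
          <!-- The receiver must find its own identifier in Audience. -->
          <saml:AudienceRestrictionCondition>
            <saml:Audience>http://www.greetings.com</saml:Audience>
          </saml:AudienceRestrictionCondition>
        </saml:Conditions>
        <saml:AuthenticationStatement AuthenticationMethod="Password"
                                      AuthenticationInstant="2002-12-20T06:39:36Z">
          <saml:Subject>
            <!-- Kept on one line: NameIdentifier is string-typed, so layout
                 whitespace around the name would become part of the
                 identity the receiver reads. -->
            <saml:NameIdentifier>CustomerUserName</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact-01</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:AuthenticationStatement>
      </saml:Assertion>
    </samlp:Response>
  </soap-env:Body>
</soap-env:Envelope>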







