A Code Example
Because the SAML standard is designed only for the exchange of secure sign-on information between a user, or "relying party," and multiple issuing parties, it allows issuing parties to use their own chosen methods of authentication, for example PKI, hash, or password.
Here, a sample SAML-compliant request is sent from a relying party requesting password authentication by the issuing party.
<samlp:Request ...>
  <samlp:AttributeQuery>
    <saml:Subject>
      <saml:NameIdentifier
        SecurityDomain="sun.com"
        Name="rimap"/>
    </saml:Subject>
    <saml:AttributeDesignator
      AttributeName="Employee_ID"
      AttributeNamespace="sun.com">
    </saml:AttributeDesignator>
  </samlp:AttributeQuery>
</samlp:Request>
In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at time (T).
<samlp:Response
  MajorVersion="1" MinorVersion="0"
  RequestID="128.14.234.20.90123456"
  InResponseTo="123.45.678.90.12345678"
  StatusCode="/features/2002/05/Success">
  <saml:Assertion
    MajorVersion="1" MinorVersion="0"
    AssertionID="123.45.678.90.12345678"
    Issuer="Sun Microsystems, Inc."
    IssueInstant="2002-01-14T10:00:23Z">
    <saml:Conditions
      NotBefore="2002-01-14T10:00:30Z"
      NotAfter="2002-01-14T10:15:00Z" />
    <saml:AuthenticationStatement
      AuthenticationMethod="Password"
      AuthenticationInstant="2001-01-14T10:00:20Z">
      <saml:Subject>
        <saml:NameIdentifier
          SecurityDomain="sun.com"
          Name="rimap" />
      </saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
</samlp:Response>
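The checks a relying party could apply to the response above before accepting it, as an added example that is not part of the original article: it matches InResponseTo to the outstanding request, enforces the NotBefore/NotAfter window, and confirms the issuer, method and subject. The function name check_response, the 60-second clock-skew allowance and the namespace URIs are assumptions (the article's XML omits its xmlns declarations), and signature verification is not shown because the sample carries no signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Placeholder namespace URIs (assumption): the article's XML omits the xmlns declarations.
NS = {"saml": "urn:example:saml", "samlp": "urn:example:samlp"}

# Constructed sample: the article's response with the placeholder namespaces bound.
SAMPLE = """<samlp:Response xmlns:samlp="urn:example:samlp" xmlns:saml="urn:example:saml"
    InResponseTo="123.45.678.90.12345678">
  <saml:Assertion Issuer="Sun Microsystems, Inc.">
    <saml:Conditions NotBefore="2002-01-14T10:00:30Z" NotAfter="2002-01-14T10:15:00Z"/>
    <saml:AuthenticationStatement AuthenticationMethod="Password">
      <saml:Subject><saml:NameIdentifier SecurityDomain="sun.com" Name="rimap"/></saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, request_id, issuer, subject, methods, now, skew=timedelta(seconds=60)):
    """Return a list of reasons to reject; an empty list means these checks passed."""
    # Signature verification is out of scope here; the article's sample carries none.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match our outstanding request")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no assertion present"]
    if assertion.get("Issuer") != issuer:
        problems.append("unexpected issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotAfter"):
        problems.append("missing validity window")
    elif now + skew < _ts(cond.get("NotBefore")):
        problems.append("assertion not yet valid")
    elif now - skew >= _ts(cond.get("NotAfter")):
        problems.append("assertion expired")
    stmt = assertion.find("saml:AuthenticationStatement", NS)
    if stmt is None:
        return problems + ["no authentication statement"]
    if stmt.get("AuthenticationMethod") not in methods:
        problems.append("authentication method not accepted")
    name = stmt.find("saml:Subject/saml:NameIdentifier", NS)
    if name is None or (name.get("SecurityDomain"), name.get("Name")) != subject:
        problems.append("subject does not match the one we asked about")
    return problems
```

A response that passes these checks has only been shown to be well-formed and fresh; its origin still has to be established by verifying the issuer's signature or the channel it arrived on.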
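The blog post centers on the SAML standard, which is used to exchange secure sign-on information between a user and multiple issuing parties and allows issuing parties to use authentication methods such as PKI, hash, or password. The post gives a sample SAML-compliant request asking the issuing party for password authentication, and also shows the issuing party's response assertion.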



