Saturday 8 August 2015

Sign Assertion using openSAML

In this post I am going to explain how to sign an assertion using OpenSAML. To sign the assertion, I use a private key and its X.509 certificate, both loaded from a Java keystore.

If you don’t know how to create a keystore, go through the following post.


After creating the keystore, you have to update the following fields in the TestAssertion.java file so that they match your keystore path, passwords and key alias.
// Sample values from the author's machine: replace the path, both passwords and the
// alias with the ones used when your own keystore was created.
// NOTE(review): these passwords are hard-coded for the demo only; outside a throwaway
// test, load them from configuration or a secret store instead of the source file.
private static String jksFile = "/Users/harikrishna_gurram/keystore.jks";
private static String keyStorePassword = "password123";
private static String keyPassword = "password123";
private static String alias = "certificate1";

After updating these fields, run the TestAssertion.java file.

There are three classes.
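a.   PublicKeyUtil.java: Works with the keystore: loads it, reads the private key, public key and certificate from it, and converts keys to and from bytes.
b.   SAMLUtil.java: Used to create SAML elements like Assertion, Subject, Conditions etc.
c.    TestAssertion.java: Builds the assertion, signs it and generates the SAML response.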

Comments in the programs below are self-explanatory, so I am not explaining them explicitly.

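Following are the Maven dependencies I used. These are the versions current when this post was written in 2015; some of them (OpenSAML 2.x, log4j 1.2) are no longer maintained, so check for supported releases before reusing the list. Note also that xmlsec appears twice under two different coordinates (xml-security 1.0.5D2 and org.apache.santuario 2.0.4), so verify which one actually ends up on your classpath.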
<dependencies>
  <dependency>
   <groupId>org.opensaml</groupId>
   <artifactId>opensaml</artifactId>
   <version>2.6.4</version>
  </dependency>
  <dependency>
   <groupId>org.slf4j</groupId>
   <artifactId>slf4j-api</artifactId>
   <version>1.7.12</version>
  </dependency>
  <dependency>
   <groupId>joda-time</groupId>
   <artifactId>joda-time</artifactId>
   <version>2.8.1</version>
  </dependency>
  <dependency>
   <groupId>xml-security</groupId>
   <artifactId>xmlsec</artifactId>
   <version>1.0.5D2</version>
  </dependency>
  <dependency>
   <groupId>org.apache.santuario</groupId>
   <artifactId>xmlsec</artifactId>
   <version>2.0.4</version>
  </dependency>

  <dependency>
   <groupId>org.slf4j</groupId>
   <artifactId>slf4j-simple</artifactId>
   <version>1.7.12</version>
  </dependency>

  <dependency>
   <groupId>xalan</groupId>
   <artifactId>xalan</artifactId>
   <version>2.6.0</version>
  </dependency>
  <dependency>
   <groupId>log4j</groupId>
   <artifactId>log4j</artifactId>
   <version>1.2.17</version>
  </dependency>
  <dependency>
   <groupId>org.apache.ws.security</groupId>
   <artifactId>wss4j</artifactId>
   <version>1.6.18</version>
  </dependency>

 </dependencies>

If you are not using Maven, download the above libraries manually and place them on your classpath.
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

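/**
 * Static helpers for generating keys, loading them from a keystore file and
 * converting them to and from their encoded byte form.
 *
 * <p>Several methods here handle private key material (reading it from a
 * keystore, Base64-encoding it, writing it to disk). Callers are responsible
 * for keeping the resulting strings and files out of logs and out of
 * world-readable locations.
 */
public class PublicKeyUtil {

    /**
     * Generates a new key pair for the given algorithm, using the provider's
     * default key size and parameters.
     *
     * @param algorithm standard algorithm name accepted by
     *                  {@link KeyPairGenerator#getInstance(String)}, e.g. "RSA"
     * @return a freshly generated key pair
     * @throws NoSuchAlgorithmException if no provider supports the algorithm
     */
    public static KeyPair getKeyPair(String algorithm)
            throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Builds a key pair from the private key stored under {@code alias} and
     * the public key of the certificate stored under the same alias.
     *
     * @param jksFile          path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param keyPassword      password protecting the key entry
     * @param alias            alias of the key entry
     * @return the key pair, or {@code null} when the alias does not hold a
     *         private key; callers must check for {@code null}
     * @throws Exception if the keystore cannot be read or the key cannot be
     *                   recovered with the given password
     */
    public static KeyPair getKeyPairFromKeyStore(String jksFile,
            String keyStorePassword, String keyPassword, String alias)
            throws Exception {
        /* Reuse the loader so the file stream is always closed. */
        KeyStore keystore = getKeyStore(jksFile, keyStorePassword);

        Key key = keystore.getKey(alias, keyPassword.toCharArray());
        if (!(key instanceof PrivateKey)) {
            return null;
        }

        /* The public half comes from the certificate stored with the key. */
        Certificate cert = keystore.getCertificate(alias);
        PublicKey publicKey = cert.getPublicKey();

        return new KeyPair(publicKey, (PrivateKey) key);
    }

    /**
     * Loads a keystore of the JVM's default type from the given file.
     *
     * @param jksFile          path of the keystore file
     * @param keyStorePassword password used to check the keystore's integrity
     * @return the loaded keystore
     * @throws Exception if the file is missing, unreadable, in a format the
     *                   default keystore type cannot parse, or the password is
     *                   wrong
     */
    public static KeyStore getKeyStore(String jksFile, String keyStorePassword)
            throws Exception {
        /* try-with-resources: the original left this stream open. */
        try (FileInputStream is = new FileInputStream(jksFile)) {
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(is, keyStorePassword.toCharArray());
            return keystore;
        }
    }

    /**
     * Returns the public key of the given key pair.
     *
     * @param keyPair key pair to read from
     * @return the pair's public key
     */
    public static PublicKey getPublicKey(KeyPair keyPair) {
        return keyPair.getPublic();
    }

    /**
     * Returns the private key of the given key pair.
     *
     * @param keyPair key pair to read from
     * @return the pair's private key
     */
    public static PrivateKey getPrivateKey(KeyPair keyPair) {
        return keyPair.getPrivate();
    }

    /**
     * Base64-encodes the key's encoded form.
     *
     * <p>For a private key the returned string is the unprotected secret
     * itself; do not print or log it.
     *
     * @param key key to encode
     * @return Base64 text of {@link Key#getEncoded()}
     */
    public static String keyToString(Key key) {
        byte[] encoded = key.getEncoded();
        return Base64.getEncoder().encodeToString(encoded);
    }

    /**
     * Writes the key's encoded bytes to a file, replacing any existing file.
     *
     * <p>The bytes are written as-is: a private key ends up on disk
     * unencrypted and with whatever permissions the platform gives new files.
     * Write failures are only reported on standard error (best-effort, as in
     * the original), so callers that depend on the file should verify it.
     *
     * @param key      key to save
     * @param fileName path of the file to write
     */
    public static void saveKey(Key key, String fileName) {
        byte[] keyBytes = key.getEncoded();
        File keyFile = new File(fileName);
        try (FileOutputStream fOutStream = new FileOutputStream(keyFile)) {
            fOutStream.write(keyBytes);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Reads the complete content of a key file.
     *
     * @param fileName path of the file to read
     * @return all bytes of the file
     * @throws Exception if the file cannot be opened or read completely
     */
    public static byte[] readKeyFromFile(String fileName) throws Exception {
        File keyFile = new File(fileName);
        try (FileInputStream keyfis = new FileInputStream(keyFile)) {
            long length = keyFile.length();
            if (length > Integer.MAX_VALUE) {
                throw new IOException("Key file too large: " + fileName);
            }
            byte[] key = new byte[(int) length];
            /*
             * available() and a single read() are not guaranteed to cover the
             * whole file, so loop until the buffer is full.
             */
            int offset = 0;
            while (offset < key.length) {
                int n = keyfis.read(key, offset, key.length - offset);
                if (n < 0) {
                    throw new IOException("Unexpected end of file: " + fileName);
                }
                offset += n;
            }
            return key;
        }
    }

    /**
     * Rebuilds a public key from its X.509 (SubjectPublicKeyInfo) encoding.
     *
     * @param encoded   encoded key bytes
     * @param algorithm key algorithm name, e.g. "RSA"
     * @return the decoded public key
     * @throws Exception if the algorithm is unknown or the bytes are not a
     *                   valid key for it
     */
    public static PublicKey convertArrayToPubKey(byte encoded[],
            String algorithm) throws Exception {
        X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encoded);
        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
        return keyFactory.generatePublic(pubKeySpec);
    }

    /**
     * Rebuilds a private key from its PKCS#8 encoding.
     *
     * @param encoded   encoded key bytes
     * @param algorithm key algorithm name, e.g. "RSA"
     * @return the decoded private key
     * @throws Exception if the algorithm is unknown or the bytes are not a
     *                   valid key for it
     */
    public static PrivateKey convertArrayToPriKey(byte encoded[],
            String algorithm) throws Exception {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
        return keyFactory.generatePrivate(keySpec);
    }

    /**
     * Returns the X.509 certificate stored with the private key entry under
     * {@code alias}.
     *
     * @param ks          loaded keystore
     * @param alias       alias of the private key entry
     * @param keyPassword password protecting the key entry
     * @return the entry's end-entity certificate
     * @throws IllegalArgumentException if the alias is missing or is not a
     *                                  private key entry
     * @throws Exception                if the entry cannot be recovered
     */
    public static X509Certificate getX509Certificate(KeyStore ks, String alias,
            String keyPassword) throws Exception {
        KeyStore.Entry entry = ks.getEntry(alias,
                new KeyStore.PasswordProtection(keyPassword.toCharArray()));

        /* Fail with a clear message instead of a bare NPE / ClassCastException. */
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalArgumentException(
                    "No private key entry found for alias '" + alias + "'");
        }

        KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) entry;
        return (X509Certificate) pkEntry.getCertificate();
    }

}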

import java.util.List;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
import org.apache.ws.security.saml.ext.builder.SAML2ComponentBuilder;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.xml.security.SecurityException;

/**
 * Thin static wrappers around WSS4J's {@link SAML2ComponentBuilder} that
 * create the individual SAML 2.0 elements used by the sample.
 */
public class SAMLUtil {

    /**
     * Creates a new Assertion.
     *
     * @return the Assertion built by {@code SAML2ComponentBuilder.createAssertion()}
     */
    public static Assertion getAssertion() {
        Assertion created = SAML2ComponentBuilder.createAssertion();
        return created;
    }

    /**
     * Creates a Subject from the given bean.
     *
     * @param subjectBean
     *            raw data describing the SAML subject
     * @return the Subject built from the bean
     * @throws SecurityException
     *             propagated from the builder
     * @throws WSSecurityException
     *             propagated from the builder
     */
    public static Subject getSubject(SubjectBean subjectBean)
            throws SecurityException, WSSecurityException {
        Subject created = SAML2ComponentBuilder.createSaml2Subject(subjectBean);
        return created;
    }

    /**
     * Creates a SubjectConfirmation for the given confirmation method.
     *
     * @param method
     *            confirmation method URI, one of:
     *            urn:oasis:names:tc:SAML:2.0:cm:holder-of-key,
     *            urn:oasis:names:tc:SAML:2.0:cm:sender-vouches or
     *            urn:oasis:names:tc:SAML:2.0:cm:bearer
     * @param subjectConfirmationData
     *            confirmation data to attach to the confirmation
     * @return the SubjectConfirmation built by the component builder
     */
    public static SubjectConfirmation getSubjectConfirmation(String method,
            SubjectConfirmationData subjectConfirmationData) {
        SubjectConfirmation created = SAML2ComponentBuilder
                .createSubjectConfirmation(method, subjectConfirmationData);
        return created;
    }

    /**
     * Creates SubjectConfirmationData from the given beans.
     *
     * @param subjectConfirmationDataBean
     *            raw data for the SubjectConfirmationData element
     * @param keyInfoBean
     *            KeyInfo structure to embed in the subject; the sample passes
     *            {@code null} here
     * @return the SubjectConfirmationData built by the component builder
     * @throws SecurityException
     *             propagated from the builder
     * @throws WSSecurityException
     *             propagated from the builder
     */
    public static SubjectConfirmationData getSubjectConfirmationData(
            SubjectConfirmationDataBean subjectConfirmationDataBean,
            KeyInfoBean keyInfoBean) throws SecurityException,
            WSSecurityException {
        SubjectConfirmationData created = SAML2ComponentBuilder
                .createSubjectConfirmationData(subjectConfirmationDataBean,
                        keyInfoBean);
        return created;
    }

    /**
     * Creates a Conditions element from the given bean.
     *
     * @param conditionsBean
     *            raw data for the SAML Conditions element
     * @return the Conditions built by the component builder
     */
    public static Conditions getConditionsElement(ConditionsBean conditionsBean) {
        Conditions created = SAML2ComponentBuilder
                .createConditions(conditionsBean);
        return created;
    }

    /**
     * Creates AuthnStatement objects from the given beans.
     *
     * @param authBeans
     *            list of AuthenticationStatementBean objects, each holding the
     *            raw data for one authentication statement
     * @return the list of AuthnStatement objects built by the component
     *         builder
     */
    public static List<AuthnStatement> getAuthStatement(
            List<AuthenticationStatementBean> authBeans) {
        List<AuthnStatement> created = SAML2ComponentBuilder
                .createAuthnStatement(authBeans);
        return created;
    }
}

import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.saml.ext.bean.AudienceRestrictionBean;
import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.ProxyRestrictionBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.core.impl.ResponseMarshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

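/**
 * Demo program: builds a SAML 2.0 assertion, signs it with a key taken from a
 * keystore, wraps it in a Response and prints the resulting XML.
 *
 * <p>Signing failures are propagated to the caller. The original version only
 * printed the stack trace and carried on, which let the program emit an
 * assertion whose Signature element had never been computed.
 */
public class TestAssertion {

    /*
     * Sample values: replace with your own keystore path, passwords and alias.
     * NOTE(review): hard-coded passwords are acceptable only for this demo;
     * load them from configuration or a secret store in real code.
     */
    private static String jksFile = "/Users/harikrishna_gurram/keystore.jks";
    private static String keyStorePassword = "password123";
    private static String keyPassword = "password123";
    private static String alias = "certificate1";

    /**
     * Creates a Subject with a bearer SubjectConfirmation valid for five
     * minutes and sets it on the assertion.
     *
     * @param assertion assertion to modify
     * @throws SecurityException   propagated from the SAML builder
     * @throws WSSecurityException propagated from the SAML builder
     */
    public static void addSubjectToAssertion(Assertion assertion)
            throws SecurityException, WSSecurityException {
        /* Create the subject */
        SubjectBean subjectBean = new SubjectBean();
        subjectBean.setSubjectName("Hari Krishna Gurram");
        Subject subject = SAMLUtil.getSubject(subjectBean);

        /* Confirmation data: address, validity window and recipient */
        SubjectConfirmationDataBean subjectConfirmationDataBean = new SubjectConfirmationDataBean();
        subjectConfirmationDataBean.setAddress("123.124.125.126");
        DateTime dateTime = new DateTime();
        DateTime afterTime = dateTime.plusMinutes(5);
        subjectConfirmationDataBean.setNotAfter(afterTime);
        subjectConfirmationDataBean.setNotBefore(dateTime);
        /* Placeholder recipient; a real one is the consumer's endpoint URL. */
        subjectConfirmationDataBean.setRecipient("http://abc.com");

        /* No KeyInfo is embedded (null), which fits the bearer method below. */
        SubjectConfirmationData subjectConfirmationData = SAMLUtil
                .getSubjectConfirmationData(subjectConfirmationDataBean, null);

        SubjectConfirmation subjectConfirmation = SAMLUtil
                .getSubjectConfirmation(
                        "urn:oasis:names:tc:SAML:2.0:cm:bearer",
                        subjectConfirmationData);

        subject.getSubjectConfirmations().add(subjectConfirmation);
        assertion.setSubject(subject);
    }

    /**
     * Creates a Conditions element (ten-minute validity window, one-time use,
     * audience restriction, proxy restriction) and sets it on the assertion.
     *
     * @param assertion assertion to modify
     */
    public static void addConditionsToAssertion(Assertion assertion) {
        DateTime dateTime = new DateTime();

        ConditionsBean conditionsBean = new ConditionsBean();
        DateTime notAfter = dateTime.plusMinutes(10);
        conditionsBean.setNotAfter(notAfter);
        conditionsBean.setNotBefore(dateTime);
        conditionsBean.setOneTimeUse(true);
        /*
         * NOTE(review): the sample output shows the explicit ten-minute window
         * above, not this five-minute period; confirm which one the builder
         * honours before relying on either.
         */
        conditionsBean.setTokenPeriodMinutes(5);

        /* Audience restriction (sample audience names) */
        List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<>();

        AudienceRestrictionBean bean = new AudienceRestrictionBean();
        bean.getAudienceURIs().add("Engineers");
        bean.getAudienceURIs().add("Managers");
        bean.getAudienceURIs().add("Testers");

        audienceRestrictions.add(bean);

        conditionsBean.setAudienceRestrictions(audienceRestrictions);

        /* Proxy restriction */
        ProxyRestrictionBean proxyRestrictionBean = new ProxyRestrictionBean();
        proxyRestrictionBean.setCount(3);
        conditionsBean.setProxyRestriction(proxyRestrictionBean);

        Conditions conditions = SAMLUtil.getConditionsElement(conditionsBean);
        assertion.setConditions(conditions);
    }

    /**
     * Creates one authentication statement stamped with the current time and
     * adds it to the assertion.
     *
     * @param assertion assertion to modify
     */
    public static void addAuthenticationStatement(Assertion assertion) {
        List<AuthenticationStatementBean> authBeans = new ArrayList<>();

        AuthenticationStatementBean authBean = new AuthenticationStatementBean();
        DateTime authTime = new DateTime();
        authBean.setAuthenticationInstant(authTime);
        /* Free-text sample value; it appears as AuthnContextClassRef in the output. */
        authBean.setAuthenticationMethod("SAML token-based authentication");
        authBean.setSessionIndex("session_11");

        authBeans.add(authBean);

        List<AuthnStatement> authStatements = SAMLUtil
                .getAuthStatement(authBeans);

        assertion.getAuthnStatements().addAll(authStatements);
    }

    /**
     * Attaches a Signature to the response, marshalls it and signs it.
     *
     * <p>The sample output shows {@code Reference URI=""} for this signature
     * and no ID on the Response; presumably an ID should be set on the
     * response before signing so the reference points at it.
     *
     * @param resp response to sign
     * @throws Exception if the credential cannot be loaded, or marshalling or
     *                   signing fails; the response must then be treated as
     *                   unsigned
     */
    public static void addSignatureToResponse(Response resp) throws Exception {
        Signature signature = getSignature();
        resp.setSignature(signature);

        /* The DOM must exist before it can be signed; do not sign after a failed marshall. */
        Configuration.getMarshallerFactory().getMarshaller(resp)
                .marshall(resp);

        Signer.signObject(signature);
    }

    /**
     * Builds a Signature object bound to the private key and certificate
     * stored under the configured alias.
     *
     * <p>Algorithms come from OpenSAML's global security configuration; the
     * sample output shows these defaults to be RSA-SHA1 with a SHA-1 digest.
     * NOTE(review): SHA-1 is deprecated for signatures; consider registering
     * SHA-256 algorithms on the global security configuration (in OpenSAML 2.x
     * this is done on {@code BasicSecurityConfiguration}) before signing.
     *
     * @return a Signature prepared with credential and algorithm parameters,
     *         not yet computed
     * @throws Exception if the keystore cannot be read, the alias holds no
     *                   private key, or the signature parameters cannot be
     *                   prepared
     */
    public static Signature getSignature() throws Exception {
        KeyPair keyPair = PublicKeyUtil.getKeyPairFromKeyStore(jksFile,
                keyStorePassword, keyPassword, alias);
        if (keyPair == null) {
            /* The helper returns null when the alias has no private key. */
            throw new IllegalStateException("No private key found in "
                    + jksFile + " for alias '" + alias + "'");
        }

        PrivateKey pk = keyPair.getPrivate();

        KeyStore ks = PublicKeyUtil.getKeyStore(jksFile, keyStorePassword);

        X509Certificate certificate = PublicKeyUtil.getX509Certificate(ks,
                alias, keyPassword);

        BasicX509Credential signingCredential = new BasicX509Credential();
        signingCredential.setEntityCertificate(certificate);
        signingCredential.setPrivateKey(pk);

        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);

        signature.setSigningCredential(signingCredential);

        // This is also the default if a null SecurityConfiguration is specified
        SecurityConfiguration secConfig = Configuration
                .getGlobalSecurityConfiguration();

        /* Propagate failures: a Signature without parameters cannot be signed. */
        SecurityHelper.prepareSignatureParams(signature, signingCredential,
                secConfig, null);

        return signature;
    }

    /**
     * Attaches a Signature to the assertion, marshalls it and signs it.
     *
     * @param assertion assertion to sign
     * @throws Exception if the credential cannot be loaded, or marshalling or
     *                   signing fails; the assertion must then be treated as
     *                   unsigned
     */
    public static void addSignatureToAssertion(Assertion assertion)
            throws Exception {
        Signature signature = getSignature();

        assertion.setSignature(signature);

        /* The DOM must exist before it can be signed; do not sign after a failed marshall. */
        Configuration.getMarshallerFactory().getMarshaller(assertion)
                .marshall(assertion);

        Signer.signObject(signature);
    }

    /**
     * Builds the sample assertion, signs it, wraps it in a Response and
     * prints the Response XML to standard output.
     *
     * @param args unused
     * @throws Exception if bootstrapping, building, signing or marshalling
     *                   fails
     */
    public static void main(String args[]) throws Exception {
        /* Initializes the OpenSAML library */
        DefaultBootstrap.bootstrap();

        /* Create assertion */
        Assertion assertion = SAMLUtil.getAssertion();

        /* Add elements first: anything changed after signing breaks the signature */
        addSubjectToAssertion(assertion);
        addConditionsToAssertion(assertion);
        addAuthenticationStatement(assertion);
        addSignatureToAssertion(assertion);

        /* Create Response object (no ID, IssueInstant or Status is set in this demo) */
        Response resp = (Response) Configuration.getBuilderFactory()
                .getBuilder(Response.DEFAULT_ELEMENT_NAME)
                .buildObject(Response.DEFAULT_ELEMENT_NAME);

        /* Add assertion to response */
        resp.getAssertions().add(assertion);
        /* Uncomment to sign the Response as well as the assertion. */
        //addSignatureToResponse(resp);

        ResponseMarshaller marshaller = new ResponseMarshaller();
        Element plain = marshaller.marshall(resp);

        String samlResponse = XMLHelper.nodeToString(plain);
        System.out.println(samlResponse);
    }
}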

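Sample output (the Response-level signature shown first appears to come from a run with the addSignatureToResponse(resp) call in main uncommented; both signatures use the library defaults of that time, RSA-SHA1 with a SHA-1 digest):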
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Version="2.0" xmlns=""
 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
 <ds:Signature xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <ds:SignedInfo xmlns=""
   xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
    xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
   <ds:Reference URI="" xmlns=""
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <ds:Transforms xmlns=""
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
     <ds:Transform
      Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
      xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
      xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
     xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
    <ds:DigestValue xmlns=""
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">UfWAtIilbJvllcJ0JXLCb0JEGFg=
    </ds:DigestValue>
   </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue xmlns=""
   xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
   COt6e+i399OY//1Go4iRoYSG2jQ64uhUjyQ73vLOR3NvbmvtsN3MM2eaSrfLdrHg/kJsNHqSHzJ6
   2PDhQ/4ksnt2unUcZQPDown+nbkqQkBY5rifUSQ2j3UkGveKkDYbVWA1Fo/CNoh6rYLzVskLGoBp
   IAnzxYO3D2L9OLitCwK5jNr+GczhOz9Sc0e0sWrrg8OickZlSpcOcUngMfJdVJYRCCD6qic2gUpv
   ztsWaLd4KWNYcFuJc+wrZG5YI0V3ZESgDVk8IIQ52l9LkUnX+FbadGIwN0rmikcjC58h62f5QJod
   S5t7jI//glUviZrZgoZH0fAUdECjVMk8pNCY3Q==
  </ds:SignatureValue>
  <ds:KeyInfo xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
   xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
   <ds:X509Data xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <ds:X509Certificate xmlns=""
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4xEjAQBgNV
     BAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYDVQQKEw9TZWxmIGxlYXJuIEph
     dmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEcMBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJh
     bTAeFw0xNTA3MDMwNzA5MTlaFw0xNTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UE
     CBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2
     YTEYMBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEgR3VycmFt
     MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU6r4+oYS77YJCLlhPBuxt
     23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+qlxftYYcd8+EQp3AqT+mFc5bWy+ZwLG1Iy
     Uyh+eXLVYiv3FemM3YpKQidRGzbzizso3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95G
     S3uscWPkE6kn6Gou2FXuGNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOr
     V/Ad4olXQcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4nApG
     A89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIwDQYJKoZIhvcNAQEL
     BQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83e0m4qKBVPu0tdEbcLBru+5yvDcd9
     sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqevGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWM
     H3m375fyRdS7mWDlPBJG8gA1Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzb
     UqlcLycohTOnh6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw
     1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I=
    </ds:X509Certificate>
   </ds:X509Data>
  </ds:KeyInfo>
 </ds:Signature>
 <saml2:Assertion ID="_24DE5C948226B36DD514363503940601"
  IssueInstant="2015-07-08T10:13:14.064Z" Version="2.0" xmlns=""
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="saml2:AssertionType">
  <ds:Signature xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
   xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ds:SignedInfo xmlns=""
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
     xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
     xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
    <ds:Reference URI="#_24DE5C948226B36DD514363503940601"
     xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <ds:Transforms xmlns=""
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ds:Transform
       Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
       xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
       xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
     </ds:Transforms>
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
      xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
     <ds:DigestValue xmlns=""
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">O5355ZQDTwJ9vb+hVbiW/AxVenc=
     </ds:DigestValue>
    </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue xmlns=""
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    qyu2jYMaj3/VQrFA4h0pKBc/TSmgwJxuO671bkJVXIgl8PFrJr7odPj4PZ9c9yfM81MjBP0ZrU6W
    Q2Tcmnk9PcJFNdhC7z/Jhd3Ti/SZ+ToxKZBlwsStmAhfNJeEq1WpAPnxsL0M7z/z7JhXCHKmjmTj
    9c9aCUAt+hIAhCtRJPHrGS0B3rf9kb1HsiEF7Fv0uAaPVP1po3xZeh2tyS1Zgcb6H3ven4Unchnd
    ZGm7DbIB+ZqJmNnRktuRSxqvi+LVWk6tXyXkWbJbMfNKWrZgi33potZq6ElpdAcb1dH9EHyrz18o
    dvFAjMxTJCb41ZstYfpA+VZGmR/450zPwH9anQ==
   </ds:SignatureValue>
   <ds:KeyInfo xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <ds:X509Data xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <ds:X509Certificate xmlns=""
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4xEjAQBgNV
      BAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYDVQQKEw9TZWxmIGxlYXJuIEph
      dmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEcMBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJh
      bTAeFw0xNTA3MDMwNzA5MTlaFw0xNTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UE
      CBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2
      YTEYMBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEgR3VycmFt
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU6r4+oYS77YJCLlhPBuxt
      23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+qlxftYYcd8+EQp3AqT+mFc5bWy+ZwLG1Iy
      Uyh+eXLVYiv3FemM3YpKQidRGzbzizso3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95G
      S3uscWPkE6kn6Gou2FXuGNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOr
      V/Ad4olXQcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4nApG
      A89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIwDQYJKoZIhvcNAQEL
      BQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83e0m4qKBVPu0tdEbcLBru+5yvDcd9
      sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqevGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWM
      H3m375fyRdS7mWDlPBJG8gA1Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzb
      UqlcLycohTOnh6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw
      1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I=
     </ds:X509Certificate>
    </ds:X509Data>
   </ds:KeyInfo>
  </ds:Signature>
  <saml2:Subject xmlns=""
   xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Hari
    Krishna Gurram</saml2:NameID>
   <saml2:SubjectConfirmation
    Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches" xmlns=""
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
   <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"
    xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml2:SubjectConfirmationData
     Address="123.124.125.126" NotBefore="2015-07-08T10:13:14.089Z"
     NotOnOrAfter="2015-07-08T10:18:14.089Z" Recipient="http://abc.com"
     xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
   </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2015-07-08T10:13:14.090Z"
   NotOnOrAfter="2015-07-08T10:23:14.090Z" xmlns=""
   xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <saml2:AudienceRestriction xmlns=""
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml2:Audience xmlns=""
     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Engineers</saml2:Audience>
    <saml2:Audience xmlns=""
     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Managers</saml2:Audience>
    <saml2:Audience xmlns=""
     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Testers</saml2:Audience>
   </saml2:AudienceRestriction>
   <saml2:OneTimeUse xmlns=""
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
   <saml2:ProxyRestriction Count="3" xmlns=""
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
  </saml2:Conditions>
  <saml2:AuthnStatement AuthnInstant="2015-07-08T10:13:14.094Z"
   SessionIndex="session_11" xmlns=""
   xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <saml2:AuthnContext xmlns=""
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml2:AuthnContextClassRef xmlns=""
     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">SAML token-based authentication
    </saml2:AuthnContextClassRef>
   </saml2:AuthnContext>
  </saml2:AuthnStatement>
 </saml2:Assertion>
</saml2p:Response>


