In this post I am going to explain how to sign an assertion using OpenSAML. To sign the assertion, I am using a keystore and an X.509 certificate.
If you don't know how to create a keystore, go through the following post.
After creating the KeyStore, you have to update the following fields in the TestAssertion.java file.

    private static String jksFile = "/Users/harikrishna_gurram/keystore.jks";
    private static String keyStorePassword = "password123";
    private static String keyPassword = "password123";
    private static String alias = "certificate1";
After updating them, run the TestAssertion.java file.
There are three classes.

a. PublicKeyUtil.java: works with the key store and provides the private and public keys.
b. SAMLUtil.java: used to create SAML elements like Assertion, Subject, Conditions etc.
c. TestAssertion.java: generates the signed SAML response.
The comments in the above programs are self-explanatory, so I am not explaining them explicitly.
Following are the Maven dependencies I used.

    <dependencies>
        <dependency>
            <groupId>org.opensaml</groupId>
            <artifactId>opensaml</artifactId>
            <version>2.6.4</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
            <version>1.7.12</version>
        </dependency>
        <dependency>
            <groupId>joda-time</groupId>
            <artifactId>joda-time</artifactId>
            <version>2.8.1</version>
        </dependency>
        <dependency>
            <groupId>xml-security</groupId>
            <artifactId>xmlsec</artifactId>
            <version>1.0.5D2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.santuario</groupId>
            <artifactId>xmlsec</artifactId>
            <version>2.0.4</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-simple</artifactId>
            <version>1.7.12</version>
        </dependency>
        <dependency>
            <groupId>xalan</groupId>
            <artifactId>xalan</artifactId>
            <version>2.6.0</version>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>
        <dependency>
            <groupId>org.apache.ws.security</groupId>
            <artifactId>wss4j</artifactId>
            <version>1.6.18</version>
        </dependency>
    </dependencies>
If you are not using Maven, download the above libraries manually and place them on your classpath.
PublicKeyUtil.java

    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    import java.security.Key;
    import java.security.KeyFactory;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.KeyStore;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.cert.Certificate;
    import java.security.cert.X509Certificate;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;
    import java.util.Base64;

    public class PublicKeyUtil {

        /**
         * Generates KeyPair specific to given algorithm
         *
         * @param algorithm
         * @return
         * @throws NoSuchAlgorithmException
         */
        public static KeyPair getKeyPair(String algorithm)
                throws NoSuchAlgorithmException {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator
                    .getInstance(algorithm);
            return keyPairGenerator.generateKeyPair();
        }

        /**
         * generate KeyPair from keystore
         *
         * @param jksFile
         * @param keyStorePassword
         * @param keyPassword
         * @param alias
         * @return
         * @throws Exception
         */
        public static KeyPair getKeyPairFromKeyStore(String jksFile,
                String keyStorePassword, String keyPassword, String alias)
                throws Exception {
            /* getKeyStore() closes the file stream once the store is loaded */
            KeyStore keystore = getKeyStore(jksFile, keyStorePassword);
            KeyPair pair = null;
            Key key = keystore.getKey(alias, keyPassword.toCharArray());
            if (key instanceof PrivateKey) {
                /* Get certificate of public key */
                Certificate cert = keystore.getCertificate(alias);
                /* Get public key */
                PublicKey publicKey = cert.getPublicKey();
                /* Construct KeyPair object */
                pair = new KeyPair(publicKey, (PrivateKey) key);
            }
            return pair;
        }

        /**
         * Load keystore from given jks file
         *
         * @param jksFile
         * @param keyStorePassword
         * @return
         * @throws Exception
         */
        public static KeyStore getKeyStore(String jksFile,
                String keyStorePassword) throws Exception {
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            /* try-with-resources closes the stream even when load() fails */
            try (FileInputStream is = new FileInputStream(jksFile)) {
                keystore.load(is, keyStorePassword.toCharArray());
            }
            return keystore;
        }

        /**
         * Return PublicKey from given KeyPair
         *
         * @param keyPair
         * @return
         */
        public static PublicKey getPublicKey(KeyPair keyPair) {
            return keyPair.getPublic();
        }

        /**
         * Return PrivateKey from given KeyPair
         *
         * @param keyPair
         * @return
         */
        public static PrivateKey getPrivateKey(KeyPair keyPair) {
            return keyPair.getPrivate();
        }

        /**
         * Convert key to string.
         *
         * @param key
         *
         * @return String representation of key
         */
        public static String keyToString(Key key) {
            /* Get key in encoding format */
            byte encoded[] = key.getEncoded();
            /*
             * Encodes the specified byte array into a String using Base64 encoding
             * scheme
             */
            String encodedKey = Base64.getEncoder().encodeToString(encoded);
            return encodedKey;
        }

        /**
         * Save key to a file
         *
         * @param key
         *            : key to save into file
         * @param fileName
         *            : File name to store
         */
        public static void saveKey(Key key, String fileName) {
            byte[] keyBytes = key.getEncoded();
            File keyFile = new File(fileName);
            try (FileOutputStream fOutStream = new FileOutputStream(keyFile)) {
                fOutStream.write(keyBytes);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        /**
         * Returns the key stored in a file.
         *
         * @param fileName
         * @return
         * @throws Exception
         */
        public static byte[] readKeyFromFile(String fileName) throws Exception {
            /* Read the whole file; InputStream.available() is not a reliable length */
            return Files.readAllBytes(Paths.get(fileName));
        }

        /**
         * Generates public key from encoded byte array.
         *
         * @param encoded
         * @param algorithm
         * @return
         * @throws Exception
         */
        public static PublicKey convertArrayToPubKey(byte encoded[],
                String algorithm) throws Exception {
            X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encoded);
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
            PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
            return pubKey;
        }

        /**
         * Generates private key from encoded byte array.
         *
         * @param encoded
         * @param algorithm
         * @return
         * @throws Exception
         */
        public static PrivateKey convertArrayToPriKey(byte encoded[],
                String algorithm) throws Exception {
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
            PrivateKey priKey = keyFactory.generatePrivate(keySpec);
            return priKey;
        }

        /**
         * Generate X509Certificate from keystore, alias and password
         *
         * @param ks
         * @param alias
         * @param keyPassword
         * @return
         * @throws Exception
         */
        public static X509Certificate getX509Certificate(KeyStore ks,
                String alias, String keyPassword) throws Exception {
            KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) ks
                    .getEntry(alias, new KeyStore.PasswordProtection(
                            keyPassword.toCharArray()));
            X509Certificate certificate = (X509Certificate) pkEntry
                    .getCertificate();
            return certificate;
        }
    }
SAMLUtil.java

    import java.util.List;

    import org.apache.ws.security.WSSecurityException;
    import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
    import org.apache.ws.security.saml.ext.bean.ConditionsBean;
    import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
    import org.apache.ws.security.saml.ext.bean.SubjectBean;
    import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
    import org.apache.ws.security.saml.ext.builder.SAML2ComponentBuilder;
    import org.opensaml.saml2.core.Assertion;
    import org.opensaml.saml2.core.AuthnStatement;
    import org.opensaml.saml2.core.Conditions;
    import org.opensaml.saml2.core.Subject;
    import org.opensaml.saml2.core.SubjectConfirmation;
    import org.opensaml.saml2.core.SubjectConfirmationData;
    import org.opensaml.xml.security.SecurityException;

    public class SAMLUtil {

        /**
         * Method returns Assertion instance
         *
         * @return Assertion instance
         */
        public static Assertion getAssertion() {
            return SAML2ComponentBuilder.createAssertion();
        }

        /**
         * Method returns Subject instance
         *
         * @param subjectBean
         *            Represents SAML subject
         * @return Subject instance
         * @throws SecurityException
         * @throws WSSecurityException
         */
        public static Subject getSubject(SubjectBean subjectBean)
                throws SecurityException, WSSecurityException {
            return SAML2ComponentBuilder.createSaml2Subject(subjectBean);
        }

        /**
         * Method returns SubjectConfirmation instance
         *
         * @param method
         *            can be any of the following values:
         *            urn:oasis:names:tc:SAML:2.0:cm:holder-of-key
         *            urn:oasis:names:tc:SAML:2.0:cm:sender-vouches (or)
         *            urn:oasis:names:tc:SAML:2.0:cm:bearer
         *
         * @param subjectConfirmationData
         * @return
         */
        public static SubjectConfirmation getSubjectConfirmation(String method,
                SubjectConfirmationData subjectConfirmationData) {
            return SAML2ComponentBuilder.createSubjectConfirmation(method,
                    subjectConfirmationData);
        }

        /**
         * Method returns SubjectConfirmationData instance.
         *
         * @param subjectConfirmationDataBean
         *            Represents SAML SubjectConfirmationData
         * @param keyInfoBean
         *            Represents a KeyInfo structure that will be embedded in a SAML
         *            Subject
         * @return SubjectConfirmationData instance.
         * @throws SecurityException
         * @throws WSSecurityException
         */
        public static SubjectConfirmationData getSubjectConfirmationData(
                SubjectConfirmationDataBean subjectConfirmationDataBean,
                KeyInfoBean keyInfoBean) throws SecurityException,
                WSSecurityException {
            return SAML2ComponentBuilder.createSubjectConfirmationData(
                    subjectConfirmationDataBean, keyInfoBean);
        }

        /**
         * Method returns Conditions instance.
         *
         * @param conditionsBean
         *            Represents a SAML Conditions object
         * @return Conditions instance
         */
        public static Conditions getConditionsElement(ConditionsBean conditionsBean) {
            return SAML2ComponentBuilder.createConditions(conditionsBean);
        }

        /**
         * Return List of AuthnStatement objects.
         *
         * @param authBeans
         *            : Represents list of AuthenticationStatementBean objects.
         *            AuthenticationStatementBean represents the raw data required
         *            to create a SAML v1.1 or v2.0 authentication statement
         * @return List of AuthnStatement objects
         */
        public static List<AuthnStatement> getAuthStatement(
                List<AuthenticationStatementBean> authBeans) {
            return SAML2ComponentBuilder.createAuthnStatement(authBeans);
        }
    }
TestAssertion.java

    import java.security.KeyPair;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.X509Certificate;
    import java.util.ArrayList;
    import java.util.List;

    import org.apache.ws.security.WSSecurityException;
    import org.apache.ws.security.saml.ext.bean.AudienceRestrictionBean;
    import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
    import org.apache.ws.security.saml.ext.bean.ConditionsBean;
    import org.apache.ws.security.saml.ext.bean.ProxyRestrictionBean;
    import org.apache.ws.security.saml.ext.bean.SubjectBean;
    import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
    import org.joda.time.DateTime;
    import org.opensaml.Configuration;
    import org.opensaml.DefaultBootstrap;
    import org.opensaml.saml2.core.Assertion;
    import org.opensaml.saml2.core.AuthnStatement;
    import org.opensaml.saml2.core.Conditions;
    import org.opensaml.saml2.core.Response;
    import org.opensaml.saml2.core.Subject;
    import org.opensaml.saml2.core.SubjectConfirmation;
    import org.opensaml.saml2.core.SubjectConfirmationData;
    import org.opensaml.saml2.core.impl.ResponseMarshaller;
    import org.opensaml.xml.io.MarshallingException;
    import org.opensaml.xml.security.SecurityConfiguration;
    import org.opensaml.xml.security.SecurityException;
    import org.opensaml.xml.security.SecurityHelper;
    import org.opensaml.xml.security.x509.BasicX509Credential;
    import org.opensaml.xml.signature.Signature;
    import org.opensaml.xml.signature.SignatureException;
    import org.opensaml.xml.signature.Signer;
    import org.opensaml.xml.util.XMLHelper;
    import org.w3c.dom.Element;

    public class TestAssertion {

        private static String jksFile = "/Users/harikrishna_gurram/keystore.jks";
        private static String keyStorePassword = "password123";
        private static String keyPassword = "password123";
        private static String alias = "certificate1";

        public static void addSubjectToAssertion(Assertion assertion)
                throws SecurityException, WSSecurityException {
            /* Create and add subject to assertion */
            SubjectBean subjectBean = new SubjectBean();
            subjectBean.setSubjectName("Hari Krishna Gurram");
            /*
             * When no confirmation method is set on the bean, WSS4J adds a
             * sender-vouches SubjectConfirmation of its own; that is why the
             * sample output carries one next to the bearer confirmation below.
             * Use subjectBean.setSubjectConfirmationMethod(...) to choose it.
             */
            Subject subject = SAMLUtil.getSubject(subjectBean);

            /* Create SubjectConfirmation Object */
            // Create SubjectConfirmationDataBean
            SubjectConfirmationDataBean subjectConfirmationDataBean =
                    new SubjectConfirmationDataBean();
            subjectConfirmationDataBean.setAddress("123.124.125.126");
            DateTime dateTime = new DateTime();
            DateTime afterTime = dateTime.plusMinutes(5);
            subjectConfirmationDataBean.setNotAfter(afterTime);
            subjectConfirmationDataBean.setNotBefore(dateTime);
            subjectConfirmationDataBean.setRecipient("http://abc.com");

            // Initialize SubjectConfirmationData
            SubjectConfirmationData subjectConfirmationData = SAMLUtil
                    .getSubjectConfirmationData(subjectConfirmationDataBean, null);

            // Initialize SubjectConfirmation
            SubjectConfirmation subjectConfirmation = SAMLUtil
                    .getSubjectConfirmation(
                            "urn:oasis:names:tc:SAML:2.0:cm:bearer",
                            subjectConfirmationData);
            subject.getSubjectConfirmations().add(subjectConfirmation);
            assertion.setSubject(subject);
        }

        public static void addConditionsToAssertion(Assertion assertion) {
            DateTime dateTime = new DateTime();
            /* Create and add Conditions element to assertion */
            // Initialize ConditionsBean
            ConditionsBean conditionsBean = new ConditionsBean();
            DateTime afterTime = dateTime.plusMinutes(10);
            conditionsBean.setNotAfter(afterTime);
            conditionsBean.setNotBefore(dateTime);
            conditionsBean.setOneTimeUse(true);
            conditionsBean.setTokenPeriodMinutes(5);

            // Create and add audience restriction to conditionsBean
            List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<>();
            AudienceRestrictionBean bean = new AudienceRestrictionBean();
            bean.getAudienceURIs().add("Engineers");
            bean.getAudienceURIs().add("Managers");
            bean.getAudienceURIs().add("Testers");
            audienceRestrictions.add(bean);
            conditionsBean.setAudienceRestrictions(audienceRestrictions);

            // Create and add ProxyRestrictionBean to conditions
            ProxyRestrictionBean proxyRestrictionBean = new ProxyRestrictionBean();
            proxyRestrictionBean.setCount(3);
            conditionsBean.setProxyRestriction(proxyRestrictionBean);

            Conditions conditions = SAMLUtil.getConditionsElement(conditionsBean);
            assertion.setConditions(conditions);
        }

        public static void addAuthenticationStatement(Assertion assertion) {
            /* Create and add Authentication statement to assertion */
            List<AuthenticationStatementBean> authBeans = new ArrayList<>();
            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
            DateTime authTime = new DateTime();
            authBean.setAuthenticationInstant(authTime);
            authBean.setAuthenticationMethod("SAML token-based authentication");
            authBean.setSessionIndex("session_11");
            authBeans.add(authBean);

            List<AuthnStatement> authStatements = SAMLUtil
                    .getAuthStatement(authBeans);
            assertion.getAuthnStatements().addAll(authStatements);
        }

        public static void addSignatureToResponse(Response resp) throws Exception {
            Signature signature = getSignature();
            resp.setSignature(signature);
            /* The object must be marshalled to DOM before it can be signed */
            try {
                Configuration.getMarshallerFactory().getMarshaller(resp)
                        .marshall(resp);
            } catch (MarshallingException e) {
                e.printStackTrace();
            }
            try {
                Signer.signObject(signature);
            } catch (SignatureException e) {
                e.printStackTrace();
            }
        }

        public static Signature getSignature() throws Exception {
            KeyPair keyPair = PublicKeyUtil.getKeyPairFromKeyStore(jksFile,
                    keyStorePassword, keyPassword, alias);
            PrivateKey pk = keyPair.getPrivate();

            KeyStore ks = PublicKeyUtil.getKeyStore(jksFile, keyStorePassword);
            X509Certificate certificate = PublicKeyUtil.getX509Certificate(ks,
                    alias, keyPassword);

            BasicX509Credential signingCredential = new BasicX509Credential();
            signingCredential.setEntityCertificate(certificate);
            signingCredential.setPrivateKey(pk);

            Signature signature = (Signature) Configuration.getBuilderFactory()
                    .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                    .buildObject(Signature.DEFAULT_ELEMENT_NAME);
            signature.setSigningCredential(signingCredential);

            // This is also the default if a null SecurityConfiguration is specified
            SecurityConfiguration secConfig = Configuration
                    .getGlobalSecurityConfiguration();
            try {
                SecurityHelper.prepareSignatureParams(signature, signingCredential,
                        secConfig, null);
            } catch (SecurityException e) {
                e.printStackTrace();
            }
            return signature;
        }

        public static void addSignatureToAssertion(Assertion assertion)
                throws Exception {
            Signature signature = getSignature();
            assertion.setSignature(signature);
            /* The object must be marshalled to DOM before it can be signed */
            try {
                Configuration.getMarshallerFactory().getMarshaller(assertion)
                        .marshall(assertion);
            } catch (MarshallingException e) {
                e.printStackTrace();
            }
            try {
                Signer.signObject(signature);
            } catch (SignatureException e) {
                e.printStackTrace();
            }
        }

        public static void main(String args[]) throws Exception {
            /* Initializes the OpenSAML library */
            DefaultBootstrap.bootstrap();

            /* Create assertion */
            Assertion assertion = SAMLUtil.getAssertion();

            /* Add elements to assertion */
            addSubjectToAssertion(assertion);
            addConditionsToAssertion(assertion);
            addAuthenticationStatement(assertion);
            addSignatureToAssertion(assertion);

            /* Create Response object */
            Response resp = (Response) Configuration.getBuilderFactory()
                    .getBuilder(Response.DEFAULT_ELEMENT_NAME)
                    .buildObject(Response.DEFAULT_ELEMENT_NAME);

            /* Add assertion to response */
            resp.getAssertions().add(assertion);

            // addSignatureToResponse(resp);

            ResponseMarshaller marshaller = new ResponseMarshaller();
            Element plain = marshaller.marshall(resp);
            String samlResponse = XMLHelper.nodeToString(plain);
            System.out.println(samlResponse);
        }
    }
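Signing is only half of the picture: the party that receives the response has to verify the assertion's signature against a certificate it already trusts and then enforce the Conditions. The VerifyAssertion.java below is an added example and is not part of the original post. It assumes the PublicKeyUtil.java class and the keystore settings above, reads the XML printed by TestAssertion.java from a file named on the command line, and uses OpenSAML 2's SAMLSignatureProfileValidator and SignatureValidator. The tampered input is constructed in main(): the subject name is changed after signing so the digest check fails.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Response;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class VerifyAssertion {

    /* Same keystore settings as TestAssertion.java (assumed); adjust to yours */
    private static String jksFile = "/Users/harikrishna_gurram/keystore.jks";
    private static String keyStorePassword = "password123";
    private static String keyPassword = "password123";
    private static String alias = "certificate1";

    /* Audience this relying party expects; "Engineers" is one of the values
     * TestAssertion.java places in the AudienceRestriction */
    private static String expectedAudience = "Engineers";

    /** Parse serialized Response XML back into the OpenSAML object model. */
    public static Response parseResponse(String xml) throws Exception {
        Document doc = Configuration.getParserPool().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element root = doc.getDocumentElement();
        Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory()
                .getUnmarshaller(root);
        return (Response) unmarshaller.unmarshall(root);
    }

    /**
     * Check the enveloped signature against the certificate we trust, then the
     * Conditions a relying party must enforce. Returns null when the assertion
     * is acceptable, otherwise the reason for rejecting it.
     */
    public static String verifyAssertion(Assertion assertion,
            X509Certificate trustedCert) {
        Signature signature = assertion.getSignature();
        if (signature == null) {
            return "assertion is not signed";
        }
        try {
            /* Rejects signatures that do not follow the SAML profile, e.g. a
             * Reference URI that does not point at the assertion's own ID */
            new SAMLSignatureProfileValidator().validate(signature);
            /* Verify with our trusted certificate, never with the certificate
             * carried inside the message's own KeyInfo */
            BasicX509Credential trusted = new BasicX509Credential();
            trusted.setEntityCertificate(trustedCert);
            new SignatureValidator(trusted).validate(signature);
        } catch (ValidationException e) {
            return "signature invalid: " + e.getMessage();
        }
        Conditions c = assertion.getConditions();
        if (c == null) {
            return "assertion has no Conditions";
        }
        DateTime now = new DateTime();
        if (c.getNotBefore() != null && now.isBefore(c.getNotBefore())) {
            return "assertion not yet valid";
        }
        if (c.getNotOnOrAfter() != null && !now.isBefore(c.getNotOnOrAfter())) {
            return "assertion expired";
        }
        for (AudienceRestriction ar : c.getAudienceRestrictions()) {
            for (Audience a : ar.getAudiences()) {
                if (expectedAudience.equals(a.getAudienceURI())) {
                    return null; // signed by our trusted key, in time, for us
                }
            }
        }
        return "assertion is not addressed to " + expectedAudience;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();
        /* args[0]: file holding the XML printed by TestAssertion.java */
        String xml = new String(Files.readAllBytes(Paths.get(args[0])),
                StandardCharsets.UTF_8);
        KeyStore ks = PublicKeyUtil.getKeyStore(jksFile, keyStorePassword);
        X509Certificate cert = PublicKeyUtil.getX509Certificate(ks, alias, keyPassword);

        String r = verifyAssertion(parseResponse(xml).getAssertions().get(0), cert);
        System.out.println("original: " + (r == null ? "accepted" : "rejected, " + r));

        /* Constructed tamper case: edit the subject name after signing, so the
         * digest over the assertion no longer matches and validation must fail */
        String tampered = xml.replace("Hari Krishna Gurram", "Someone Else");
        r = verifyAssertion(parseResponse(tampered).getAssertions().get(0), cert);
        System.out.println("tampered: " + (r == null ? "accepted" : "rejected, " + r));
    }
}
```

Run it shortly after TestAssertion.java, since the Conditions it produces expire ten minutes after issue and the check above will then report the assertion as expired. Two design points: the trusted certificate is loaded from the verifier's own keystore rather than taken from the KeyInfo in the message, and the profile validator runs before the cryptographic check so that a signature whose Reference does not cover the assertion is rejected regardless of whether it is mathematically valid. The sample output signs with rsa-sha1, the OpenSAML 2 default from the global security configuration; SignatureValidator accepts whatever algorithm the signature declares, so a production verifier should additionally restrict the signature and digest algorithms it is willing to accept.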
Sample Output

    <?xml version="1.0" encoding="UTF-8"?>
    <saml2p:Response Version="2.0" xmlns="" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
      <ds:Signature xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <ds:SignedInfo xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
          <ds:Reference URI="" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <ds:Transforms xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
            <ds:DigestValue xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">UfWAtIilbJvllcJ0JXLCb0JEGFg=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    COt6e+i399OY//1Go4iRoYSG2jQ64uhUjyQ73vLOR3NvbmvtsN3MM2eaSrfLdrHg/kJsNHqSHzJ6
    2PDhQ/4ksnt2unUcZQPDown+nbkqQkBY5rifUSQ2j3UkGveKkDYbVWA1Fo/CNoh6rYLzVskLGoBp
    IAnzxYO3D2L9OLitCwK5jNr+GczhOz9Sc0e0sWrrg8OickZlSpcOcUngMfJdVJYRCCD6qic2gUpv
    ztsWaLd4KWNYcFuJc+wrZG5YI0V3ZESgDVk8IIQ52l9LkUnX+FbadGIwN0rmikcjC58h62f5QJod
    S5t7jI//glUviZrZgoZH0fAUdECjVMk8pNCY3Q==
        </ds:SignatureValue>
        <ds:KeyInfo xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
          <ds:X509Data xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <ds:X509Certificate xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4xEjAQBgNV
    BAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYDVQQKEw9TZWxmIGxlYXJuIEph
    dmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEcMBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJh
    bTAeFw0xNTA3MDMwNzA5MTlaFw0xNTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UE
    CBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2
    YTEYMBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEgR3VycmFt
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU6r4+oYS77YJCLlhPBuxt
    23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+qlxftYYcd8+EQp3AqT+mFc5bWy+ZwLG1Iy
    Uyh+eXLVYiv3FemM3YpKQidRGzbzizso3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95G
    S3uscWPkE6kn6Gou2FXuGNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOr
    V/Ad4olXQcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4nApG
    A89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIwDQYJKoZIhvcNAQEL
    BQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83e0m4qKBVPu0tdEbcLBru+5yvDcd9
    sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqevGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWM
    H3m375fyRdS7mWDlPBJG8gA1Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzb
    UqlcLycohTOnh6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw
    1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I=
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
      <saml2:Assertion ID="_24DE5C948226B36DD514363503940601" IssueInstant="2015-07-08T10:13:14.064Z" Version="2.0" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="saml2:AssertionType">
        <ds:Signature xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ds:SignedInfo xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
            <ds:Reference URI="#_24DE5C948226B36DD514363503940601" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <ds:Transforms xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
              <ds:DigestValue xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">O5355ZQDTwJ9vb+hVbiW/AxVenc=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    qyu2jYMaj3/VQrFA4h0pKBc/TSmgwJxuO671bkJVXIgl8PFrJr7odPj4PZ9c9yfM81MjBP0ZrU6W
    Q2Tcmnk9PcJFNdhC7z/Jhd3Ti/SZ+ToxKZBlwsStmAhfNJeEq1WpAPnxsL0M7z/z7JhXCHKmjmTj
    9c9aCUAt+hIAhCtRJPHrGS0B3rf9kb1HsiEF7Fv0uAaPVP1po3xZeh2tyS1Zgcb6H3ven4Unchnd
    ZGm7DbIB+ZqJmNnRktuRSxqvi+LVWk6tXyXkWbJbMfNKWrZgi33potZq6ElpdAcb1dH9EHyrz18o
    dvFAjMxTJCb41ZstYfpA+VZGmR/450zPwH9anQ==
          </ds:SignatureValue>
          <ds:KeyInfo xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ds:X509Data xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <ds:X509Certificate xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4xEjAQBgNV
    BAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYDVQQKEw9TZWxmIGxlYXJuIEph
    dmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEcMBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJh
    bTAeFw0xNTA3MDMwNzA5MTlaFw0xNTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UE
    CBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2
    YTEYMBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEgR3VycmFt
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU6r4+oYS77YJCLlhPBuxt
    23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+qlxftYYcd8+EQp3AqT+mFc5bWy+ZwLG1Iy
    Uyh+eXLVYiv3FemM3YpKQidRGzbzizso3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95G
    S3uscWPkE6kn6Gou2FXuGNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOr
    V/Ad4olXQcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4nApG
    A89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIwDQYJKoZIhvcNAQEL
    BQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83e0m4qKBVPu0tdEbcLBru+5yvDcd9
    sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqevGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWM
    H3m375fyRdS7mWDlPBJG8gA1Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzb
    UqlcLycohTOnh6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw
    1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I=
              </ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Hari Krishna Gurram</saml2:NameID>
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <saml2:SubjectConfirmationData Address="123.124.125.126" NotBefore="2015-07-08T10:13:14.089Z" NotOnOrAfter="2015-07-08T10:18:14.089Z" Recipient="http://abc.com" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
          </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2015-07-08T10:13:14.090Z" NotOnOrAfter="2015-07-08T10:23:14.090Z" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <saml2:AudienceRestriction xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <saml2:Audience xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Engineers</saml2:Audience>
            <saml2:Audience xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Managers</saml2:Audience>
            <saml2:Audience xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Testers</saml2:Audience>
          </saml2:AudienceRestriction>
          <saml2:OneTimeUse xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
          <saml2:ProxyRestriction Count="3" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2015-07-08T10:13:14.094Z" SessionIndex="session_11" xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <saml2:AuthnContext xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <saml2:AuthnContextClassRef xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">SAML token-based authentication</saml2:AuthnContextClassRef>
          </saml2:AuthnContext>
        </saml2:AuthnStatement>
      </saml2:Assertion>
    </saml2p:Response>