SAML Assertions, Subjects and Attributes


ComponentSpace
The following is an example SAML assertion including a SAML subject and a number of SAML attributes.
The SAML subject identifies the user whose identity is being asserted by the identity provider.
The SAML attributes include additional information provided by the identity provider.

<saml:Assertion Version="2.0" ID="_db28e69a-f5cf-440d-b5b2-bf789b5b750f" IssueInstant="2014-02-22T01:17:27.948Z"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>urn:componentspace:ExampleIdentityProvider</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">idp-user</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2014-02-22T01:20:27.956Z"
          Recipient="http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2014-02-22T01:14:27.95Z" NotOnOrAfter="2014-02-22T01:20:27.95Z">
    <saml:AudienceRestriction>
      <saml:Audience>urn:componentspace:ExampleServiceProvider</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2014-02-22T01:17:27.958Z"
                       SessionIndex="_db28e69a-f5cf-440d-b5b2-bf789b5b750f">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="membership-level">
      <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">platinum</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="membership-number">
      <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">12345678</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>



Regards
ComponentSpace Development
Manjunath P R
ComponentSpace - 2/21/2014
Hi,
I need to know how we can set the below in <saml:AttributeValue>. Please do the needful; this is very much required to configure one of our clients.
xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ComponentSpace
This is done automatically if you're using the SAML high-level API, which is the recommended approach.
When you call SAMLIdentityProvider.InitiateSSO or SAMLIdentityProvider.SendSSO, the xsi:type and namespace declarations are included automatically with the SAML attribute value.
The example SAML assertion above was generated using the high-level API.
If you're generating a SAML assertion but these fields are not included, please include a section of your code.

Regards
ComponentSpace Development
Manjunath P R
ComponentSpace - 11/28/2016
Hey,
Thanks a lot. In my case I had to use
IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
Doesn't this work out?
I tried the below scenario which amazingly worked out, do let me know if this is the correct way? (highlighted change)

AttributeStatement attributeStatement = new AttributeStatement();
SAMLAttribute samlattribute = new SAMLAttribute(p.Name, SAMLIdentifiers.AttributeNameFormats.Unspecified, null, "xs:string", Convert.ToString(p.GetValue(profile, null)));
attributeStatement.Attributes.Add(samlattribute);
samlAssertion.Statements.Add(attributeStatement);

ComponentSpace
That's correct. This is part of the SAML low-level API. You specify the attribute type in the constructor.

Regards
ComponentSpace Development
Manjunath P R
ComponentSpace - 11/28/2016
Thanks a lot for the quick response :)
ComponentSpace
You're welcome.  :)

Regards
ComponentSpace Development
Amol
I want to generate SAML as below, and I am using the below C# .NET code using ComponentSpace.SAML Version 2.1.
I am pasting the section of code I am using to generate this, but I am not sure how to add array-like or list-like data in an attribute, i.e. multiple attribute values inside an attribute as below.
Please help here.
AttributeStatement attStatement = new AttributeStatement();
foreach (SAMLModuleAttribute attb in lstAttributes)
{
    attStatement.Attributes.Add(new SAMLAttribute(attb.AttributeName, SAMLIdentifiers.AttributeNameFormats.Basic, attb.FriendlyName, attb.AttributeValue));
}

I also tried attStatement.Attributes.Add(new SAMLAttribute(attb.AttributeName, SAMLIdentifiers.AttributeNameFormats.Unspecified, null, "xs:string", attb.AttributeValue))
but it isn't allowed, as it gives the compile-time error "SAMLAttribute does not contain a constructor that takes 5 arguments."
In the above code, AttributeName=Entity
and the AttributeValues will be entity-value1 and entity-desc1, etc.
Please help me to resolve this.
<saml:Attribute Name="Entity" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
  <saml:AttributeValue xsi:type="xs:string">entity-value1</saml:AttributeValue>
  <saml:AttributeValue xsi:type="xs:string">entity-desc1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Entity" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
  <saml:AttributeValue xsi:type="xs:string">entity-value2</saml:AttributeValue>
  <saml:AttributeValue xsi:type="xs:string">entity-desc2</saml:AttributeValue>
</saml:Attribute>


Thanks,
Amol
ComponentSpace
Version 2.1 is quite old so it's possible the overload you're trying to use doesn't exist in that version.
The following code creates the two attributes each with the two specified attribute values.


SAMLAttribute samlAttribute = new SAMLAttribute();
samlAttribute.Name = "Entity";
samlAttribute.NameFormat = SAMLIdentifiers.AttributeNameFormats.Basic;
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-value1"));
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-desc1"));

attributeStatement.Attributes.Add(samlAttribute);

samlAttribute = new SAMLAttribute();
samlAttribute.Name = "Entity";
samlAttribute.NameFormat = SAMLIdentifiers.AttributeNameFormats.Basic;
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-value2"));
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-desc2"));

attributeStatement.Attributes.Add(samlAttribute);




Regards
ComponentSpace Development
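
Added example (not from this thread and not ComponentSpace code): the receiving side of the assertions discussed above, reading the subject and attributes with System.Xml.Linq only after the Conditions window and audience have been checked, and keeping repeated same-named attributes such as Entity as separate entries. `AssertionReader`, `Read` and the embedded XML are constructed for illustration; signature validation and the SubjectConfirmation checks are assumed to have been done by the SAML library beforehand.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class AssertionReader
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Constructed sample modelled on the assertions in this thread (not library output).
    const string Sample = @"<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' Version='2.0'>
  <saml:Subject><saml:NameID>idp-user</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore='2014-02-22T01:14:27Z' NotOnOrAfter='2014-02-22T01:20:27Z'><saml:AudienceRestriction>
    <saml:Audience>urn:componentspace:ExampleServiceProvider</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name='Entity'><saml:AttributeValue>entity-value1</saml:AttributeValue><saml:AttributeValue>entity-desc1</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name='Entity'><saml:AttributeValue>entity-value2</saml:AttributeValue><saml:AttributeValue>entity-desc2</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>";
    // Hypothetical helper: returns NameID and one entry per <saml:Attribute>, or throws if Conditions fail.
    static (string NameId, (string Name, string[] Values)[] Attributes) Read(
        XElement assertion, string expectedAudience, DateTime nowUtc)
    {
        XElement cond = assertion.Element(Saml + "Conditions")
            ?? throw new InvalidOperationException("missing Conditions");
        // An absent bound converts to null, and a comparison with null is false (no bound).
        var notBefore = (DateTime?)cond.Attribute("NotBefore");
        var notOnOrAfter = (DateTime?)cond.Attribute("NotOnOrAfter");
        if (notBefore > nowUtc || notOnOrAfter <= nowUtc)
            throw new InvalidOperationException("assertion is outside its validity window");
        // Every AudienceRestriction must name this service provider.
        var restrictions = cond.Elements(Saml + "AudienceRestriction").ToList();
        if (restrictions.Count == 0 || !restrictions.All(r =>
                r.Elements(Saml + "Audience").Any(a => a.Value.Trim() == expectedAudience)))
            throw new InvalidOperationException("assertion was not issued for this audience");
        string nameId = assertion.Element(Saml + "Subject")?.Element(Saml + "NameID")?.Value
            ?? throw new InvalidOperationException("missing NameID");
        // One entry per <saml:Attribute>: a dictionary keyed by Name would merge or drop repeated names.
        var attributes = assertion.Elements(Saml + "AttributeStatement").Elements(Saml + "Attribute")
            .Select(a => ((string)a.Attribute("Name"),
                          a.Elements(Saml + "AttributeValue").Select(v => v.Value).ToArray()))
            .ToArray();
        return (nameId, attributes);
    }
    static void Main()
    {
        var now = new DateTime(2014, 2, 22, 1, 17, 0, DateTimeKind.Utc); // inside the sample window
        var (nameId, attributes) = Read(XElement.Parse(Sample), "urn:componentspace:ExampleServiceProvider", now);
        Console.WriteLine(nameId);
        foreach (var (name, values) in attributes)
            Console.WriteLine(name + ": " + string.Join(", ", values));
    }
}
```
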
lucas
Hi,

Can I add an email subject with a High Level API?