Sun Java System Access Manager 7.1 Federation and SAML Administration Guide

Queries and Responses

An entity can interact with a SAML authority using requests containing queries and responses containing assertions. AuthenticationQuery, AttributeQuery, and AuthorizationDecisionQuery XML tags containing requests for security information are wrapped within a <samlp:Request> XML tag and sent to a SAML authority. AuthenticationStatement, AttributeStatement, and AuthorizationDecisionStatement XML tags containing assertions of security information are wrapped within a <samlp:Response> XML tag and returned to the assertion consumer. See the following sections for more information.

Queries

A requesting party uses AuthenticationQuery, AttributeQuery, and AuthorizationDecisionQuery tags within a <samlp:Request> to ask for assertions about a particular entity from a SAML authority. Following is an example request containing an attribute query.

<samlp:Request
    xmlns:samlp="urn:oasis:names:tc:SAML:1.1:protocol"
    RequestID="s9c4a43c0265e904ca86f43c3e30034dd56582a79"
    MajorVersion="1" MinorVersion="1"
    IssueInstant="2006-01-09T11:33:48Z">
  <samlp:AttributeQuery>
    <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion">
      <saml:NameIdentifier NameQualifier="dc=example,dc=com">uid=amadmin,dc=example,dc=com</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
        <saml:SubjectConfirmationData>
        </saml:SubjectConfirmationData>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </samlp:AttributeQuery>
</samlp:Request>

Responses

A SAML authority uses AuthenticationStatement, AttributeStatement, and AuthorizationDecisionStatement tags within a <samlp:Response> to return information about an entity to the requesting party. Following is an example response containing an assertion. See Assertions for more information.

<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:1.1:protocol"
    ResponseID="s757013615ab8ab95ffe272f9e377aa6ed823d030"
    InResponseTo="s9c4a43c0265e904ca86f43c3e30034dd56582a79"
    MajorVersion="1" MinorVersion="1"
    IssueInstant="2006-01-09T11:33:48Z"
    Recipient="10.17.246.43">
  <samlp:Status>
    <samlp:StatusCode Value="samlp:Success">
    </samlp:StatusCode>
  </samlp:Status>
  <saml:Assertion
      xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion"
      MajorVersion="1" MinorVersion="1"
      AssertionID="s1f3764242b274a835475d5433b8c62020a0e39a80"
      Issuer="dde280-3.france.sun.com:80"
      IssueInstant="2006-01-09T09:44:48Z">
    <saml:Conditions NotBefore="2006-01-09T09:41:48Z" NotOnOrAfter="2006-01-09T09:51:48Z">
    </saml:Conditions>
    <!-- statements go here -->
  </saml:Assertion>
</samlp:Response>
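The request and response above show the wire format, but an assertion consumer also has to decide whether a received response may be acted on. The following Python script is an added example, not code from Access Manager or from this guide: it parses a request/response pair modelled on the two messages above, and checks that the response answers the request that was sent (InResponseTo against RequestID), that the status code is Success, that each assertion's Conditions window (NotBefore / NotOnOrAfter) holds at the consumer's own clock time, and that every NameIdentifier asserted matches the subject that was queried. The AttributeStatement and its mail attribute in the constructed response are hypothetical stand-ins for the "statements go here" comment. XML signature verification is assumed to have happened before these checks and is not shown.

```python
"""Consistency checks an assertion consumer can run on a SAML 1.1
samlp:Response before acting on the assertions it carries.
Added example; the two messages below are constructed after the
ones in this guide and are not Access Manager output."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:1.1:protocol"
SAML = "urn:oasis:names:tc:SAML:1.1:assertion"


def q(ns, local):
    """Clark-notation tag name, the form ElementTree uses for namespaced elements."""
    return "{%s}%s" % (ns, local)


# Constructed request, modelled on the guide's attribute query.
REQUEST_XML = """<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.1:protocol"
    RequestID="s9c4a43c0265e904ca86f43c3e30034dd56582a79"
    MajorVersion="1" MinorVersion="1" IssueInstant="2006-01-09T11:33:48Z">
  <samlp:AttributeQuery>
    <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion">
      <saml:NameIdentifier NameQualifier="dc=example,dc=com">uid=amadmin,dc=example,dc=com</saml:NameIdentifier>
    </saml:Subject>
  </samlp:AttributeQuery>
</samlp:Request>"""

# Constructed response.  The AttributeStatement and its attribute are
# hypothetical stand-ins for the guide's "statements go here" comment.
RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.1:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion"
    ResponseID="s757013615ab8ab95ffe272f9e377aa6ed823d030"
    InResponseTo="s9c4a43c0265e904ca86f43c3e30034dd56582a79"
    MajorVersion="1" MinorVersion="1" IssueInstant="2006-01-09T11:33:48Z">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion MajorVersion="1" MinorVersion="1"
      AssertionID="s1f3764242b274a835475d5433b8c62020a0e39a80"
      Issuer="dde280-3.france.sun.com:80" IssueInstant="2006-01-09T09:44:48Z">
    <saml:Conditions NotBefore="2006-01-09T09:41:48Z" NotOnOrAfter="2006-01-09T09:51:48Z"/>
    <saml:AttributeStatement>
      <saml:Subject>
        <saml:NameIdentifier NameQualifier="dc=example,dc=com">uid=amadmin,dc=example,dc=com</saml:NameIdentifier>
      </saml:Subject>
      <saml:Attribute AttributeName="mail" AttributeNamespace="urn:example:attrs">
        <saml:AttributeValue>amadmin@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_instant(text):
    """SAML 1.1 timestamps are UTC xsd:dateTime values with a trailing Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def name_identifiers(elem):
    """Set of (NameQualifier, value) pairs for every saml:NameIdentifier below elem."""
    return {(n.get("NameQualifier"), (n.text or "").strip())
            for n in elem.iter(q(SAML, "NameIdentifier"))}


def check_response(request_xml, response_xml, now):
    """Return a list of problems; an empty list means the response answers the
    request and its assertions are valid at time `now` (an aware datetime).
    XML signature verification is out of scope here and must happen first."""
    problems = []
    req = ET.fromstring(request_xml)
    resp = ET.fromstring(response_xml)

    if resp.tag != q(SAMLP, "Response"):
        # Also catches a misspelt protocol namespace, not just a wrong element.
        problems.append("root element is not samlp:Response in the SAML 1.1 protocol namespace")
        return problems

    # Correlation: the response must answer the request this consumer sent.
    if resp.get("InResponseTo") != req.get("RequestID"):
        problems.append("InResponseTo does not match the RequestID we issued")

    # Status: only a Success status code should lead to the assertions being used.
    code = resp.find("%s/%s" % (q(SAMLP, "Status"), q(SAMLP, "StatusCode")))
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        problems.append("status code is not Success")

    assertions = resp.findall(q(SAML, "Assertion"))
    if not assertions:
        problems.append("response carries no assertion")

    queried = name_identifiers(req)
    for a in assertions:
        aid = a.get("AssertionID", "?")
        # Validity window from saml:Conditions, evaluated against the consumer's clock.
        cond = a.find(q(SAML, "Conditions"))
        if cond is not None:
            nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
            if nb and now < parse_instant(nb):
                problems.append("assertion %s is not yet valid" % aid)
            if noa and now >= parse_instant(noa):
                problems.append("assertion %s has expired" % aid)
        # Every subject named in the assertion must be the subject that was queried.
        asserted = name_identifiers(a)
        if asserted and not asserted <= queried:
            problems.append("assertion %s is about a subject other than the one queried" % aid)
    return problems


if __name__ == "__main__":
    for label, when in (("at assertion issue time", "2006-01-09T09:44:48Z"),
                        ("at response issue time", "2006-01-09T11:33:48Z")):
        print(label, check_response(REQUEST_XML, RESPONSE_XML, parse_instant(when)) or "OK")
```

The timestamps in the guide's own example are worth noticing: the assertion's Conditions window runs from 09:41:48Z to 09:51:48Z, while the response's IssueInstant is 11:33:48Z, so a consumer evaluating the window at the time the response was issued rejects the assertion as expired, and only a clock reading near the assertion's IssueInstant (09:44:48Z) accepts it. The checker returns problem strings rather than raising, so a consumer can log every failed check before discarding the response.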