An entity can interact with a SAML authority using requests containing queries and responses containing assertions. AuthenticationQuery, AttributeQuery, and AuthorizationDecisionQuery XML tags containing requests for security information are wrapped within a <samlp:Request> XML tag and sent to a SAML authority. AuthenticationStatement, AttributeStatement, and AuthorizationDecisionStatement XML tags containing assertions of security information are wrapped within a <samlp:Response> XML tag and returned to the assertion consumer. See the following sections for more information.
A requesting party uses AuthenticationQuery, AttributeQuery, and AuthorizationDecisionQuery tags within a <samlp:Request> to ask for assertions about a particular entity from a SAML authority. Following is an example request containing an attribute query.
<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.1:protocol"
    RequestID="s9c4a43c0265e904ca86f43c3e30034dd56582a79"
    MajorVersion="1" MinorVersion="1"
    IssueInstant="2006-01-09T11:33:48Z">
  <samlp:AttributeQuery>
    <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion">
      <saml:NameIdentifier NameQualifier="dc=example,dc=com">uid=amadmin,dc=example,dc=com</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
        <saml:SubjectConfirmationData>
        </saml:SubjectConfirmationData>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </samlp:AttributeQuery>
</samlp:Request>
A SAML authority uses AuthenticationStatement, AttributeStatement, and AuthorizationDecisionStatement tags within a <samlp:Response> to return information about an entity to the requesting party. Following is an example response containing an assertion. See Assertions for more information.
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.1:protocol"
    ResponseID="s757013615ab8ab95ffe272f9e377aa6ed823d030"
    InResponseTo="s9c4a43c0265e904ca86f43c3e30034dd56582a79"
    MajorVersion="1" MinorVersion="1"
    IssueInstant="2006-01-09T11:33:48Z"
    Recipient="10.17.246.43">
  <samlp:Status>
    <samlp:StatusCode Value="samlp:Success">
    </samlp:StatusCode>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion"
      MajorVersion="1" MinorVersion="1"
      AssertionID="s1f3764242b274a835475d5433b8c62020a0e39a80"
      Issuer="dde280-3.france.sun.com:80"
      IssueInstant="2006-01-09T09:44:48Z">
    <saml:Conditions NotBefore="2006-01-09T09:41:48Z"
        NotOnOrAfter="2006-01-09T09:51:48Z">
    </saml:Conditions>
    <!-- statements go here -->
  </saml:Assertion>
</samlp:Response>
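A consumer-side check of the response shown above, as an added example that is not part of the original documentation or of the product's code: it correlates InResponseTo with the RequestID that was sent, checks the status code, and applies each assertion's Conditions window. The function names, the `skew` parameter and the DOCTYPE rejection are assumptions of this example, and signature verification is not covered.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:1.1:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.1:assertion"}

# Constructed sample: the response from this page, statements omitted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.1:protocol"
    ResponseID="s757013615ab8ab95ffe272f9e377aa6ed823d030"
    InResponseTo="s9c4a43c0265e904ca86f43c3e30034dd56582a79"
    MajorVersion="1" MinorVersion="1" IssueInstant="2006-01-09T11:33:48Z">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.1:assertion"
      MajorVersion="1" MinorVersion="1"
      AssertionID="s1f3764242b274a835475d5433b8c62020a0e39a80"
      Issuer="dde280-3.france.sun.com:80" IssueInstant="2006-01-09T09:44:48Z">
    <saml:Conditions NotBefore="2006-01-09T09:41:48Z" NotOnOrAfter="2006-01-09T09:51:48Z"/>
  </saml:Assertion>
</samlp:Response>"""

def _utc(ts):
    # The timestamps on this page are UTC ("Z") with whole seconds.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, expected_request_id, now, skew=timedelta(0)):
    """Return a list of problems; an empty list means every check passed."""
    if "<!DOCTYPE" in xml_text:  # assumption: a SAML message never needs a DTD
        return ["DTD present; refusing to parse"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["not a SAML 1.1 samlp:Response"]
    problems = []
    if root.get("InResponseTo") != expected_request_id:
        problems.append("InResponseTo does not match the RequestID that was sent")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    # Simplification: only the local part of the QName value is compared.
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        problems.append("status is not Success")
    for a in root.findall("saml:Assertion", NS):
        cond = a.find("saml:Conditions", NS)
        if cond is None:
            continue
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        # NotBefore is inclusive, NotOnOrAfter is exclusive.
        if nb and now + skew < _utc(nb):
            problems.append("assertion %s not yet valid" % a.get("AssertionID"))
        if noa and now - skew >= _utc(noa):
            problems.append("assertion %s expired" % a.get("AssertionID"))
    return problems
```

With the sample's own timestamps, the assertion's window (09:41:48Z to 09:51:48Z) has already closed at the response's IssueInstant of 11:33:48Z, so a check at that instant reports the assertion as expired.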