THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Span | ||
---|---|---|
| ||
JAX-RS: SAML |
...
Table of Contents |
---|
Introduction
...
Code Block | ||||
---|---|---|---|---|
| ||||
<env:Envelope xmlns:env="http://org.apache.cxf/rs/env"> <Book ID="67ca6441-0c4e-4430-af0e-9463ce9226aa"> <id>125</id> <name>CXF</name> </Book> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <!-- Book signature, omitted for brewity --> </ds:Signature> <!-- SAML assertion with an enveloped signature --> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_62D574706635C0B9F413203247720501" IssueInstant="2011-11-03T12:52:52.050Z" Version="2.0" xsi:type="saml2:AssertionType"> <saml2:Issuer>https://idp.example.org/SAML2</saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_62D574706635C0B9F413203247720501"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>IDD9nFocVm/7FpUbiGI3ZvpY2ps=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>JA2I7u/SmNsXGgWNdrLSovkipiM3JmGHsmpoP0EeIOwPwnLMx0WvV0C3xNGNiT1jOBe2uv8+WchtPoppGTC2JTJVX/t8PmKQCYZo4kVJo6Nmsjbn5kp7ejWuOYynvrUheQeTLU8e5CQmuS6L4VYaMVV2ETtb0VvpKjoQKHOC+co=t8PmKQCYZo4kVJo6Nms...</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate><!-- Omitted for brewity --> </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="www.mock-sts.com">uid=sts-client,o=mock-sts.com</saml2:NameID> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/> </saml2:Subject> <saml2:Conditions NotBefore="2011-11-03T12:52:52.063Z" NotOnOrAfter="2011-11-03T12:52:52.063Z"> <saml2:AudienceRestriction> <saml2:Audience>https://sp.example.com/SAML2</saml2:Audience> </saml2:AudienceRestriction> </saml2:Conditions> <saml2:AuthnStatement AuthnInstant="2011-11-03T12:52:51.981Z" SessionIndex="123456"> <saml2:AuthnContext><saml2:AuthnContextClassRef/></saml2:AuthnContext> </saml2:AuthnStatement> <saml2:AttributeStatement> <saml2:Attribute FriendlyName="subject-role" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"> <saml2:AttributeValue xsi:type="xs:string">user</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="http://claims/authentication" NameFormat="http://claims/authentication-format"> <saml2:AttributeValue xsi:type="xs:string">password</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement> </saml2:Assertion> </env:Envelope> |
...
Code Block | ||||
---|---|---|---|---|
| ||||
<env:Envelope xmlns:env="http://org.apache.cxf/rs/env" ID="e795cdd1-c19d-4a5c-8d86-e8a781af4787"> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_C76E3D5BBEE4C4D87913203281641141" IssueInstant="2011-11-03T13:49:24.114Z" Version="2.0" xsi:type="saml2:AssertionType"> <saml2:Issuer>https://idp.example.org/SAML2</saml2:Issuer> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="www.mock-sts.com">uid=sts-client,o=mock-sts.com</saml2:NameID> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/> </saml2:Subject> <saml2:Conditions NotBefore="2011-11-03T13:49:24.127Z" NotOnOrAfter="2011-11-03T13:49:24.127Z"> <saml2:AudienceRestriction> <saml2:Audience>https://sp.example.com/SAML2</saml2:Audience> </saml2:AudienceRestriction> </saml2:Conditions> <saml2:AuthnStatement AuthnInstant="2011-11-03T13:49:24.044Z" SessionIndex="123456"> <saml2:AuthnContext> <saml2:AuthnContextClassRef/> </saml2:AuthnContext> </saml2:AuthnStatement> <saml2:AttributeStatement> <saml2:Attribute FriendlyName="subject-role" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">user</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="http://claims/authentication" NameFormat="http://claims/authentication-format"> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">password</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement> </saml2:Assertion> <Book> <id>125</id> <name>CXF</name> </Book> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds> <ds:Reference URI="#e795cdd1-c19d-4a5c-8d86-e8a781af4787"><ds:Transforms><ds> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><> </ds:Transforms><dsTransforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds> <ds:DigestValue>GR1pHd2JpxYiCzl6ouCmTZjq/AA=</ds:DigestValue><DigestValue> </ds:Reference><Reference> </ds:SignedInfo><dsSignedInfo> <ds:SignatureValue>C2qUDOFwart2GHFjX6kB3E3z73AMXtRR/6Qjgyp6XP/vTn/Fr2epDNub3q+gNdT0KgjLE2rSynM3QTcpHov9C8l9a8VQquItaalr0XA7BJcxdFMxB7KEATKR9XtrmIEkiw9efM8M83iVux/ufCOWrt0Te2RLz+nRwzyEY49VQOQ=gNdT0KgjLE2rSynM3QTcpHov9C8...</ds:SignatureValue><ds:KeyInfo><dsSignatureValue> <ds:KeyInfo> <ds:X509Data><ds:X509Certificate><!-- Omitted for brewity --></ds:X509Certificate></ds:X509Data><dsX509Data> <ds:KeyValue><ds:RSAKeyValue><ds:Modulus>vu747/VShQ85f16DGSc4Ixh9PVpGguyEqrCsK8q9XHOYX9l9/g5wEC6ZcR2FwfNsoaHcKNPjd5sSTzVtBWmQjfBEfIqwTR7vuihOxyNTwEzVwIJzvo7p8/aYxk+VdBtQxq4UweIcf/iFkUbM1cZ1oiXRQzciRBi+C1BQCQE0qzs=VShQ85f16DGSc4Ixh9...</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><KeyValue> </ds:KeyInfo><KeyInfo> </ds:Signature><Signature> </env:Envelope> |
Server configuration fragment:
...