Changes

Single Sign-On

4,454 bytes added, 17:27, 5 August 2014
SAML 2.0
Note: Client must provide SmartSimple with a public key in base64-encoded X509Certificate format for digital signature validation.
 
===SAML Response Sample XML===
 
 
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><?xmlversion="1.0" encoding="UTF-8"?>
<samlp:Responsexmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"Destination="https://alias.smartsimple.com/SAML2/"IssueInstant="2014-07-12T14:17:03.063Z"ID="BYavZkuNtRHC5rEPhIAEQrys1Wb" Version="2.0">
<saml:Issuerxmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
<ds:Signaturexmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethodAlgorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethodAlgorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:ReferenceURI="#BYavZkuNtRHC5rEPhIAEQrys1Wb">
<ds:Transforms>
<ds:TransformAlgorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:TransformAlgorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>+2uvXQh+d65mNWs0G6FBf4igIxU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>LEOCPec/eNBMqBV7A99...</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCodeValue="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertionxmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"Version="2.0" IssueInstant="2014-07-12T14:17:03.246Z"ID="X14MvZtPaqyUjfFCbehto32uDTG">
<saml:Issuer>sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
<saml:Subject>
<saml:NameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">123456</saml:NameID>
<saml:SubjectConfirmationMethod="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationDataNotOnOrAfter="2014-07-12T14:22:03.246Z" Recipient="https://alias.smartsimple.com/SAML2/"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2014-07-12T14:22:03.246Z"NotBefore="2014-07-12T14:12:03.246Z">
<saml:AudienceRestriction>
<saml:Audience>sso:saml2:alias:stage:SmartSimple:sp</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatementAuthnInstant="2014-07-12T14:17:03.246Z"SessionIndex="X14MvZtPaqyUjfFCbehto32uDTG">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatementxmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml:AttributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"Name="Email">
<saml:AttributeValuexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:type="xs:string">david@alias.com</saml:AttributeValue>
</saml:Attribute>
<saml:AttributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="UID">
<saml:AttributeValuexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:type="xs:string">T5014CD</saml:AttributeValue>
</saml:Attribute>
<saml:AttributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"Name="First name">
<saml:AttributeValuexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:type="xs:string">David</saml:AttributeValue>
</saml:Attribute>
<saml:AttributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"Name="Last name">
<saml:AttributeValuexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:type="xs:string">Smith</saml:AttributeValue>
</saml:Attribute>
<saml:AttributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"Name="Department">
<saml:AttributeValuexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:type="xs:string">Shipping</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"Name="Roles">
<saml:AttributeValuexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:type="xs:string">Clerk</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response></pre>
Contact SmartSimple for an example of a valid SAML Response.
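Review bot: The added sample is not well-formed XML as rendered here: most start tags have lost the whitespace between the element name and its first attribute, or between two attributes (`<?xmlversion="1.0"`, `<samlp:Responsexmlns:samlp=…`, `<ds:ReferenceURI=…`, `NotOnOrAfter="…"NotBefore="…"`), so a client who pastes it into a SAML tool or parser gets a syntax error instead of a reference message. The fence below restores the spacing on every affected start tag and changes nothing else. Separately, the sample shows `rsa-sha1` as the SignatureMethod and `sha1` as the DigestMethod; SHA-1 is deprecated for signatures, so I would add a sentence under the sample such as `The algorithm URIs above are illustrative; use the SHA-256 variants (rsa-sha256 / sha256) where both sides support them.` Whether the service provider accepts those is not visible on this page and should be confirmed first. It would also help to state next to the certificate note that the signature's `Reference URI` must match the `ID` of the signed element (here the Response, `#BYavZkuNtRHC5rEPhIAEQrys1Wb`), since that is what ties the validated signature to the content being trusted.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://alias.smartsimple.com/SAML2/" IssueInstant="2014-07-12T14:17:03.063Z" ID="BYavZkuNtRHC5rEPhIAEQrys1Wb" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#BYavZkuNtRHC5rEPhIAEQrys1Wb">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<!-- … unchanged: ds:DigestMethod, ds:DigestValue, ds:SignatureValue, closing ds: tags, samlp:Status open tag … -->
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" IssueInstant="2014-07-12T14:17:03.246Z" ID="X14MvZtPaqyUjfFCbehto32uDTG">
<!-- … unchanged: saml:Issuer, saml:Subject open tag … -->
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">123456</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2014-07-12T14:22:03.246Z" Recipient="https://alias.smartsimple.com/SAML2/"/>
<!-- … unchanged: closing saml:SubjectConfirmation and saml:Subject … -->
<saml:Conditions NotOnOrAfter="2014-07-12T14:22:03.246Z" NotBefore="2014-07-12T14:12:03.246Z">
<!-- … unchanged: saml:AudienceRestriction, closing saml:Conditions … -->
<saml:AuthnStatement AuthnInstant="2014-07-12T14:17:03.246Z" SessionIndex="X14MvZtPaqyUjfFCbehto32uDTG">
<!-- … unchanged: saml:AuthnContext, closing saml:AuthnStatement … -->
<saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Email">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">david@alias.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="UID">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">T5014CD</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="First name">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">David</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Last name">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Smith</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Department">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Shipping</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Roles">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Clerk</saml:AttributeValue>
</saml:Attribute>
<!-- … unchanged: closing saml:AttributeStatement, saml:Assertion, samlp:Response … -->
```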