Subject: How to create saml2p Response?
Date: 2014-12-10 21:50:52
From: John Jay Ajero
Source: create-saml2p-response
----------------------------------------------------------------------

Hello, 

I'm very new to using SAML. As such, my TL refered me to ComponentPRO to help ease with the learning curve. Our requirement is to be able to HTTP POST a SAML Response using the sample format below:

I've gone through the Saml2IdPInitiated_2013 WEB sample solution to create a Response.
 
Question1: How do I set the response tag to use "saml2p"? 
 
 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="Response-_c0e283ff1f0dcb4f8757d80c8610363b" IssueInstant="2014-08-21T15:49:24.977Z" Version="2.0">
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </saml2p:Status>
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="SAMLAssertion-_9f3d9b434ff84a481e4363e912e246b7" IssueInstant="2014-08-21T15:49:24.977Z" Version="2.0">
    <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#SAMLAssertion-_9f3d9b434ff84a481e4363e912e246b7">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>....</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>...</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2014-08-21T15:49:24.977Z" NotOnOrAfter="2014-08-21T16:04:24.977Z"/>
    <saml2:AttributeStatement>
  ...
    </saml2:AttributeStatement>
    <saml2:AuthnStatement AuthnInstant="2014-08-21T15:49:24.977Z" SessionNotOnOrAfter="2014-08-21T16:04:24.977Z">
      <saml2:SubjectLocality/>
      <saml2:AuthnContext>
        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
    </saml2:AuthnStatement>
  </saml2:Assertion>
</saml2p:Response>
 
 
 
---------------------------------------------------------------------- Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back. Back to ComponentPro Q&A Forum Index