Skip to main content

SAML Response Example

Deflated and Base64-encoded XML:

xVhrc6pMEv6+VfsfLM/HlOGqgnWS3QGUkAhGxeuXt4AZcBK5CENAf/0OGnM0JjmX3dq3KlWS7p6efp7uHnr4njnhOumMUJbEUYZqZbiOss5eeFPP06gTOxnOOpEToqxDvM4YmP0Of812kjQmsRev6ydLvl7hZBlKCY6jes3Qbup/SUiCXtNvyY4seZ7ocb4viHwbNT0kiC225cNWm/dlDrXqtSlKM7rypk4d0eVZliMjyogTESpiObHBthtc22a5Dv0TpWW9pqGM4Mgh+1UrQpIOw2TJNSqdMFmjay8OGYjCmGNwBFF5naySfzleRn1HRy7s+KY+sLr9gW5Yf4k+QoLLii1Bbnoiajc5luOQ3PYlmWXdJt8WYLPVkpr123/+o1b7XrHR2YeZ3r5ujuH57iEiDnSIU239nTld8OYh6YyJQ/JsL3knU2OIalNnnaOvWc/21p1x7nkoy+rMwTtz4f4QMjjm6DWrZYbf2CuK4roQruM0YHiW5Zi52R97KxQ6DbxPhYfqb6t+vuhQBIlfykhqerLLNRzIo4bkQ7HRliTU8F0Xuq22A5uu+AcFcMrZf5UJ6gNS/nBAiylPjx0CP4PIMqzMUBuY4eDbMYofPhA0Ij9+Ex8UqhPFEfacNd7tC9ZEZBXDGlgHcYrJKvyUTY6ttmqg0mt4nBh9e03v+Zb7sH/R5Vn0aeY0spXDXXgdIR+liCa8NhkZN/Vvv5rFEzcHR3bqRJkfp2F2pnqn/L2oUfSC1nGCYCM7gj8D8Pvuf8Jz1U6fY6m20nBAT6M/ScEF/acO991/q+/coQXslreEmBtKJJ0wRAMhKzx4N/vATo1P8sicJvJHnTIfF+pZMR18uc0tI7HGNHSs+WJ6v24NQGBIfaCMXnqFKopMpjxGZX/VnI02wWgwTwi+75nJzB5sroRRXj6FvU23/QTmmKzH22YYp3x/tsTq1b3I7MrHabFar+WMGYElNgXd2F2tRv6iBdP5Nnqa4eetOHpyht27WEgFNB35lj9Ycs/AWIiqBp4sCILdcEzPDJzD4uYN1kn8p9Ae0PaDvpw3WVmjB8MF/5VCrQ5Kn3YtQbemYajOk6oCOAhAYSiUCAVowFKC583qGetywSpgyPaApozNYVaow4U2HQ71bnHPebuubSpdHXCTrgqKhyHfy5zZ8sULm8nC7k5NxTzogsK0+eba1eXImYnBeNZ8Mkde0Tv40jTQ3Hlqc430HvH0ct0PrRfXBqhXsKWlAcG0Pfrb3Vr20tnL7HOZ2TNKdQfulcCaKmBhg2i6M0dm0T34NzSQaItZmSxDeeuG65U5mhTdYq970ED56IbTzOVh4mLl3g3NsrcD04Mv09Qiq+iHU3Ex4wpXn+QLXiamofsmYHV1vNHHhitowy7laAKAqFtAUxU8fFCCobYsrwaWaExiY1YG+bPtcmSA54JrLnaLIS5mjxPLTK56G4kvYysOsph3t89Lnd3i+7AZS7sXJoOtRI9zZ2sGzyXD98YD6Aktm33SXfUuH41dgh32sbuzjBEJp9hMiQBQPFMwHM3DZVaqVr8IjGkLRvwsybtNsGPduyBZRsPSfuihZ1YxHyYMlApK0RAoMQcK+wnACvvdUOz2guFEvysXm+ViO297dvkwHWjTYFmMbahGRXFXcThinxQlKHox+NJWA3tbWwGTAhRdhdl9UGNgQHlTtr3B+mpFk6q6UNDu/SjhRwFk4IaQbKkzZLsy+rOXburimNG6SJbCeRIXK/tZZcWulaSD7Ry3l+5kg7HXk+Qc6FvCxZvAnqgaN836zmpjeGG6C/LQ2tpFX5/FXHumAYdj8kxbITID5irY9Rg18puUpOiBZUN2sdS3ntjfBRqrjgYmGNszK7g5tOf7pnp3Vl0041563rjnbX42Aoxz9wl55MfqvdSi85Kh1caP1cMwp29gH6P064HxdFyo13r0xHfI1zNYJcGw4e9NO6R6UWAUkfrtX3TUhbwsSq7o+dUY04IIsQ7rChC26GTstjxfog88bL8OJoeA36F4xabGkY+rLar57fC2+TouL+y4yElRevpm/tRlRX7NiskgGqTAJxVNPMvTyYtrcJLNtjr86+g9Qh5OKoD/18GbOSmMzyC8lckHJXHATa0hrkyzCqqCaM7QBxMmV+H8BS7eJQrkEFevW4qUpNg7CenS5vZXa/AVzdu6dzR8vuerwQ/IZ0yAnKyi6oKAQprK2v7fn9y5xvSGQf18xMvBVH5valQ1QO+CLpJlOiW6UGZFCD0HCR6LXJGTZAe6SPDbHBL4tufLwiWlNC4KgaCSfMDlD6W6phdQOvDcfnlH9TpeZUfFj/SniFP4RuMHri6ovojlVPNG5jnPhKbFzQl6r74wqFXNTzsaw/r+8VeOHocurqTHw8eldt5lu7/tsR+NavTa1yHbhG5W0ps9VUVB/ZbQAjrCOTO/oOGo/QmQ0MHrvw3Jv0+a6n+KCsH8kV5W4wj4Pl5j5/DF429AmdOrfPY1tN9x98pXGq8R90eEvRef1/tRe/wAQYXHrxTH98LtfwA=

Decoded signed SAML Response:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6" Version="2.0" IssueInstant="2014-07-17T01:01:48Z" Destination="http://sp.example.com/demo1/index.php?acs" InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685">  <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>  <samlp:Status>    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>  </samlp:Status>  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="pfx9e85c9b1-ad2e-8fd4-788e-fbbdb67ad5b4" Version="2.0" IssueInstant="2014-07-17T01:01:48Z">    <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">      <ds:SignedInfo>        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>        <ds:Reference URI="#pfx9e85c9b1-ad2e-8fd4-788e-fbbdb67ad5b4">          <ds:Transforms>            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>          </ds:Transforms>          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>          <ds:DigestValue>GzbQNAT6cZdi1Q8trU/tDAm03Kc=</ds:DigestValue>        </ds:Reference>      </ds:SignedInfo>      <ds:SignatureValue>b5y/80IVmaNXYVJl6OAgI8LABRvFwC44/sBPnxLh5WRqgROXptiJFMpWTOq+3RuxjmFqE7jAXitlSy5mor2LWZiC+J4/zxPVwhll9s/RAZiM3GIz+hRfY6drXynjWiky4RjaQEHo3r3eVRfNfOZ1kAIY4CDAjNdAgzQSsioiudw=</ds:SignatureValue>      <ds:KeyInfo>        <ds:X509Data>          <ds:X509Certificate>MIICajCCAdOgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBSMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRcwFQYDVQQDDA5zcC5leGFtcGxlLmNvbTAeFw0xNDA3MTcxNDEyNTZaFw0xNTA3MTcxNDEyNTZaMFIxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQKDAxPbmVsb2dpbiBJbmMxFzAVBgNVBAMMDnNwLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZx+ON4IUoIWxgukTb1tOiX3bMYzYQiwWPUNMp+Fq82xoNogso2bykZG0yiJm5o8zv/sd6pGouayMgkx/2FSOdc36T0jGbCHuRSbtia0PEzNIRtmViMrt3AeoWBidRXmZsxCNLwgIV6dn2WpuE5Az0bHgpZnQxTKFek0BMKU/d8wIDAQABo1AwTjAdBgNVHQ4EFgQUGHxYqZYyX7cTxKVODVgZwSTdCnwwHwYDVR0jBBgwFoAUGHxYqZYyX7cTxKVODVgZwSTdCnwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQByFOl+hMFICbd3DJfnp2Rgd/dqttsZG/tyhILWvErbio/DEe98mXpowhTkC04ENprOyXi7ZbUqiicF89uAGyt1oqgTUCD1VsLahqIcmrzgumNyTwLGWo17WDAa1/usDhetWAMhgzF/Cnf5ek0nK00m0YZGyc4LzgD0CROMASTWNg==</ds:X509Certificate>        </ds:X509Data>      </ds:KeyInfo>    </ds:Signature>    <saml:Subject>      <saml:NameID SPNameQualifier="http://sp.example.com/demo1/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7</saml:NameID>      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-18T06:21:48Z" Recipient="http://sp.example.com/demo1/index.php?acs" InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685"/>      </saml:SubjectConfirmation>    </saml:Subject>    <saml:Conditions NotBefore="2014-07-17T01:01:18Z" NotOnOrAfter="2024-01-18T06:21:48Z">      <saml:AudienceRestriction>        <saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience>      </saml:AudienceRestriction>    </saml:Conditions>    <saml:AuthnStatement AuthnInstant="2014-07-17T01:01:48Z" SessionNotOnOrAfter="2024-07-17T09:01:48Z" SessionIndex="_be9967abd904ddcae3c0eb4189adbe3f71e327cf93">      <saml:AuthnContext>        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>      </saml:AuthnContext>    </saml:AuthnStatement>    <saml:AttributeStatement>      <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">        <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>      </saml:Attribute>      <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">        <saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>      </saml:Attribute>      <saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">        <saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>        <saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>      </saml:Attribute>    </saml:AttributeStatement>  </saml:Assertion></samlp:Response>

Issuer element:

<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>

Subject element:

<saml:Subject>  <saml:NameID SPNameQualifier="http://sp.example.com/demo1/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7</saml:NameID>  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">    <saml:SubjectConfirmationData NotOnOrAfter="2024-01-18T06:21:48Z" Recipient="http://sp.example.com/demo1/index.php?acs" InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685"/>  </saml:SubjectConfirmation></saml:Subject>

Conditions and Audience elements:

<saml:Conditions NotBefore="2014-07-17T01:01:18Z" NotOnOrAfter="2024-01-18T06:21:48Z">  <saml:AudienceRestriction>    <saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience>  </saml:AudienceRestriction></saml:Conditions>

Attribute Statement element:

<saml:AttributeStatement>  <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">    <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>  </saml:Attribute>  <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">    <saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>  </saml:Attribute>  <saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">    <saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>    <saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>  </saml:Attribute></saml:AttributeStatement>