...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header />
<SOAP-ENV:Body>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2008-12-10T14:12:14.817Z"
MajorVersion="1" MinorVersion="1" Recipient="https://eiger.iad.vt.edu/dat/home.do"
ResponseID="_5c94b5431c540365e5a70b2874b75996">
<Status>
<StatusCode Value="samlp:Success">
</StatusCode>
</Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_e5c23ff7a3889e12fa01802a47331653"
IssueInstant="2008-12-10T14:12:14.817Z" Issuer="localhost" MajorVersion="1"
MinorVersion="1">
<Conditions NotBefore="2008-12-10T14:12:14.817Z" NotOnOrAfter="2008-12-10T14:12:44.817Z">
<AudienceRestrictionCondition>
<Audience>
https://some-service.example.com/app/
</Audience>
</AudienceRestrictionCondition>
</Conditions>
<AttributeStatement>
<Subject>
<NameIdentifier>johnq</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>
urn:oasis:names:tc:SAML:1.0:cm:artifact
</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
<Attribute AttributeName="uid" AttributeNamespace="http://www.ja-sig.org/products/cas/">
<AttributeValue>12345</AttributeValue>
</Attribute>
<Attribute AttributeName="groupMembership" AttributeNamespace="http://www.ja-sig.org/products/cas/">
<AttributeValue>
uugid=middleware.staff,ou=Groups,dc=vt,dc=edu
</AttributeValue>
</Attribute>
<Attribute AttributeName="eduPersonAffiliation" AttributeNamespace="http://www.ja-sig.org/products/cas/">
<AttributeValue>staff</AttributeValue>
</Attribute>
<Attribute AttributeName="accountState" AttributeNamespace="http://www.ja-sig.org/products/cas/">
<AttributeValue>ACTIVE</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthenticationStatement AuthenticationInstant="2008-12-10T14:12:14.741Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<Subject>
<NameIdentifier>johnq</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>
urn:oasis:names:tc:SAML:1.0:cm:artifact
</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
</Assertion>
</Response>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
|
Client Support
The SAML 1.1 protocol is supported in the following clients as of this writing:
- Jasig Java CAS Client 3.1.x
- phpCAS 1.1.0
- .NET CAS Client
Customizing the SAML artifact used
In different versions of CAS, we've swapped the artifact type created by the SamlCompliantUniqueTicketIdGenerator. Unfortunately, not often for the better! As of CAS 3.4, the generator can handle both.
When constructing an instance of the SamlComplaintUniqueTicketIdGenerator, you may set the "saml2compliant" property to "true" in order to generate SAML2 artifacts. Otherwise SAML1 compliant artifacts are generated.
The example Spring configuration would look like the following (overriding the WEB-INF/spring-configuration/uniqueIdGenerators.xml):
| Code Block | ||||
|---|---|---|---|---|
| ||||
<bean id="samlServiceTicketUniqueIdGenerator" class="org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator">
<constructor-arg index="0" value="https://localhost:8443" />
<property name="saml2compliant" value="true" />
</bean>