
SAML authentication event examples

The following examples illustrate steps required to configure SAML as the authentication method for your product. They are referenced from the Edit authentication page.

Example A—SUBSCRIPTION_ORDER event

{
"type": "SUBSCRIPTION_ORDER",
"marketplace": {
"partner": "APPDIRECT",
"baseUrl": "https://marketplace.exampletelco.com"
},
...
"links": [
{
"rel": "samlIdp",
"href": "https://marketplace.exampletelco.com/api/account/v2/subscriptions/9b81dd5f-5afb-494e-a337-1fcd7c166f98/saml"
}
]
}

Example B—SAML metadata

<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample identity provider (IdP) metadata: declares the IdP entityID, its signing certificate and its single sign-on endpoint. A service provider should obtain this document over a trusted channel, because the certificate below is what it pins for verifying assertion signatures. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://marketplace.exampletelco.com/saml/1324f505-af41-4a71-8e0b-515a38bef4bb">
<!-- WantAuthnRequestsSigned="false": this IdP does not require the service provider to sign its AuthnRequest messages. -->
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- Signing key of the IdP. NOTE(review): the sample certificate appears to decode to a self-signed SHA-1-with-RSA certificate valid from 2018-01-09 to 2023-01-10; treat it as illustrative and use the certificate from your own marketplace metadata. -->
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICyDCCAbCgAwIBAgIGAWDhTY89MA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNVBAoM
GkNPTVBBTllfRU5USVRMRU1FTlQtNzI3MzcxMB4XDTE4MDEwOTE4MjA0NFoXDTIz
MDExMDE4MjA0NFowJTEjMCEGA1UECgwaQ09NUEFOWV9FTlRJVExFTUVOVC03Mjcz
NzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb+Z88P3kUo3jKLeo2
EnOrB2M7gtUEPbAd4TCwGJzCjIs0NuMnVeOoKUEnr+s5TbSRBqp4d4YuLjviILT5
LVABY7r1ODOCou7MmuqWaeiZc0W12FvwjeZ37BdULYTr4pRAZFkdBIaK+AC26r+E
v1jr8DgdAWohKWfSFxM3+mB0eWKZzExeewgxUKdBIW83r+puk2jdG05CWkLFzQ9t
gN6GcTkD9oQmhxgA8WXANjg7pDfpZ6UaWI2sd55O/OnVDoLKUt4LFZ/1HH8QLRuF
RW+meIkc16NVM6QCdreAvTY5phfQQapaLfiGSq/2/i+sWwjSYRazMqgpZOwzJBOp
ly7hAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAI6ub/fdEwAeBaNDD19lYXN6iSMq
JwKEnhRb6yRR9//GFf2mF7PxPiuYG34h0oOBHH4WraqcMJ1D5aeV9WVIthXDC6zc
fvnV5S/CQwB8gOkB+ueVQsuxi4RpbN0RJKOeeMIudTCkSS3N2CaS3hKzWXbLOXxy
nLO4xzp8Z2ymOH/FLbbtU7Ogjk1yhs418+bHJQ5cYlwG1vExnmUppXXpz6Fs/pnp
CGLhkhziskwFr9C6++LMUjpH4LXs1EVK1lYLVJBKcwhMssJgn/yqCWR0ZDGPN1XG
gf6/U7Tyjz3Jz/oIzw1a6WIany22BGWxHDEoT90o/Uq3UJeJTfdPJ09FsSI=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<!-- Single sign-on endpoint: AuthnRequests are sent here using the HTTP-POST binding. -->
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://marketplace.exampletelco.com/saml/idp/login/1324f505-af41-4a71-8e0b-515a38bef4bb"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>

Example C—SAML response

<?xml 
version="1.0"
encoding="UTF-8"?>
<!-- Sample SAML 2.0 Response posted to the service provider's assertion consumer service (ACS). Only the Assertion is signed here (the ds:Reference URI matches the Assertion ID); the outer Response element carries no signature, so Response-level values such as Destination and StatusCode are not integrity-protected. A receiver should verify the Assertion signature against the IdP certificate it already trusts from metadata and take identity data only from the verified Assertion. -->
<!-- Destination should equal the receiver's own ACS URL, and InResponseTo should equal the ID of an AuthnRequest the receiver actually issued (Example D uses the same ID value). -->
<saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://www.isv.com/acs"
ID="_ce1e56e1d023c5577d07ba0b895c13bd"
InResponseTo="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA"
IssueInstant="2017-03-13T19:39:02.248Z"
Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://marketplace.exampletelco.com/saml/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<!-- The Assertion is the signed unit: its ID is the target of the ds:Reference below. -->
<saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_b284310643f158edfca0ae1e22e19bd2"
IssueInstant="2017-03-13T19:39:02.171Z"
Version="2.0"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer>https://marketplace.exampletelco.com/saml/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8</saml2:Issuer>
<!-- Enveloped signature over the Assertion. This sample uses RSA-SHA1 for the signature and SHA-1 for the digest; SHA-1 is deprecated for signatures, so prefer a SHA-256 based algorithm where the IdP offers one. A verifier should also confirm that the element it consumes is the one the Reference URI points to. -->
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#_b284310643f158edfca0ae1e22e19bd2">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="xs"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>AzARsiX+uijCy/
p3vYftXLj7IR0=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>CTPrekQRY5Cb+eNffcr8/o3eHJi+GENbyKxzAIcBP0dpkoSzy6CiZfJjeYxw3TEmGbsT3910x9YYYzcDLCfgz5dZ880Rzo5hQ23dSvSwEhc5QTeMPtbhKK4RCoQj/teGVjxz9U6tsjRjJzILoOPU5DXmbmaz8yvoKvuIXjBYSkOtQmTGPeUBm0HalObkSM1zgycG4BrpRa01HO6xCnZ79IYxYgVEmmwbjOenxN55H6XgcjhSn1JK3fo5UiPeo/qD8KUoR1autT/kyGQ0i039Hh6AH6EicbxKHA5+gDdt20m6ZO/PRXbHhdkJkttMMWL/sENTfjxf/cp+
UhRQ8N2ixA==
</ds:SignatureValue>
<!-- The certificate in KeyInfo travels with the message and is not a trust anchor by itself: verify with the certificate taken from the IdP metadata, or at least require that this one matches it. -->
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICyDCCAbCgAwIBAgIGAVqQG0NgMA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNVBAoMGkNPTVBBTllf
RU5USVRMRU1FTlQtNTM0OTkzMB4XDTE3MDMwMTE3Mzk1MFoXDTIyMDMwMjE3Mzk1MFowJTEjMCEG
A1UECgwaQ09NUEFOWV9FTlRJVExFTUVOVC01MzQ5OTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCv/PJhkC1keMNHn5uSINWwNCNbtfY+CVQYWF4H+GfyiWMZq1woarAt5l9gWRiUxcZN
7YvvDU+YRDZTyc4T5qNoZfww9t4YehqGWj+ZXBGeE8eguXC//nuoiwOYfv2AJ1ZDhtQGSxpbjFNF
9oJjv+l//hNREKSd7qf8CzVRoyc2+Qrx4nMcLcdWgLYAAOF1rtnif91YLNa7f16eI5hvpHEGZRT1
YcUKlpZE9MjRf0EhBxvzYP6kjTE1t1MEHsU5JylJYk3gqzxVmSB2MBIQi5qekgXyV0aIWQbLIBd9
k0xSmJifGGux58ldPi1O/zCRtAG/Wwmc+QEjkamwK97MdQMvAgMBAAEwDQYJKoZIhvcNAQEFBQAD
ggEBAIMWu19fz0a08+NwlJwGWm0oDKqjXAjGDReONizw5HjFlAXCwPUsGvJ2etWyWaY48/oKWxZO
FlkpAJOOVaPAhEI1xZcJNdhqYCUGtcFbQsBX3tIabe3CCU+CQUPEXUVyHMqTJOoRJqImTP2gQH38
15BJpj1F61P2a3/YEJHLB2qaMSH28rUHhRW1ub1syUApjL8w171WRhyqIXEUdc5Xn859EfXzGshB
r6XN9vPHbaaiWCirAq4g9jn/eud/QKChTtNmMgLU1Lsu1gLU4yKPWzXKIYA6mb9kS4LXEA6yFush
QNpFFSqW99N5QWfebwqReIyBwv/
Be4sFtifBYZn90ao=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<!-- Subject with bearer confirmation: whoever presents the assertion is accepted, so the receiver should check Recipient against its ACS URL, InResponseTo against the outstanding request ID, and NotOnOrAfter against the current time, and accept each assertion ID only once. -->
<saml2:Subject>
<saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">john.smith@testcompany.com
</saml2:NameID>
<saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData
InResponseTo="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA"
NotOnOrAfter="2017-03-13T19:49:02.171Z"
Recipient="https://www.isv.com/acs"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<!-- Validity window of 15 minutes (19:34:02 to 19:49:02 UTC) and an audience limited to https://www.isv.com. Reject assertions outside the window, allowing only a small clock skew, or whose Audience is not the receiver's own entity ID. -->
<saml2:Conditions
NotBefore="2017-03-13T19:34:02.171Z"
NotOnOrAfter="2017-03-13T19:49:02.171Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://www.isv.com</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement
AuthnInstant="2017-03-13T19:39:02.171Z"
SessionIndex="_08aae2b77cee92f3a8b259b3a32b6479">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<!-- User attributes asserted by the IdP (Email, FirstName, LastName). They sit inside the signed Assertion, so they are covered by its signature once that signature has been verified. -->
<saml2:AttributeStatement>
<saml2:Attribute
Name="Email">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">john.smith@testcompany.com
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute
Name="FirstName">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">John
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute
Name="LastName">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">Smith
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>

Example D—SAML request

<?xml 
version="1.0"
encoding="UTF-8"?>
<!-- Sample AuthnRequest sent by the service provider (Issuer https://www.isv.com) to the IdP login endpoint named in Destination. It carries no ds:Signature element, which is consistent with WantAuthnRequestsSigned="false" in the metadata example. -->
<!-- The ID should be unpredictable and used once; the service provider keeps it so that it can match InResponseTo in the returned Response. Because the request is unsigned, the IdP is expected to check AssertionConsumerServiceURL against the ACS URL registered for this issuer rather than trust the value in the message. -->
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://www.isv.com/acs"
Destination="https://marketplace.exampletelco.com/saml/idp/login/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8"
ID="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA"
IssueInstant="2017-03-13T19:38:09.152Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://www.isv.com
</saml:Issuer>
</samlp:AuthnRequest>
