Following are examples of various steps required to configure SAML as the authentication method for your product. These examples are referenced on the Edit authentication page.
{
"type": "SUBSCRIPTION_ORDER",
"marketplace": {
"partner": "APPDIRECT",
"baseUrl": "https://marketplace.exampletelco.com"
},
...
"links": [
{
"rel": "samlIdp",
"href": "https://marketplace.exampletelco.com/api/account/v2/subscriptions/9b81dd5f-5afb-494e-a337-1fcd7c166f98/saml"
}
]
}
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://marketplace.exampletelco.com/saml/1324f505-af41-4a71-8e0b-515a38bef4bb">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICyDCCAbCgAwIBAgIGAWDhTY89MA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNVBAoM
GkNPTVBBTllfRU5USVRMRU1FTlQtNzI3MzcxMB4XDTE4MDEwOTE4MjA0NFoXDTIz
MDExMDE4MjA0NFowJTEjMCEGA1UECgwaQ09NUEFOWV9FTlRJVExFTUVOVC03Mjcz
NzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb+Z88P3kUo3jKLeo2
EnOrB2M7gtUEPbAd4TCwGJzCjIs0NuMnVeOoKUEnr+s5TbSRBqp4d4YuLjviILT5
LVABY7r1ODOCou7MmuqWaeiZc0W12FvwjeZ37BdULYTr4pRAZFkdBIaK+AC26r+E
v1jr8DgdAWohKWfSFxM3+mB0eWKZzExeewgxUKdBIW83r+puk2jdG05CWkLFzQ9t
gN6GcTkD9oQmhxgA8WXANjg7pDfpZ6UaWI2sd55O/OnVDoLKUt4LFZ/1HH8QLRuF
RW+meIkc16NVM6QCdreAvTY5phfQQapaLfiGSq/2/i+sWwjSYRazMqgpZOwzJBOp
ly7hAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAI6ub/fdEwAeBaNDD19lYXN6iSMq
JwKEnhRb6yRR9//GFf2mF7PxPiuYG34h0oOBHH4WraqcMJ1D5aeV9WVIthXDC6zc
fvnV5S/CQwB8gOkB+ueVQsuxi4RpbN0RJKOeeMIudTCkSS3N2CaS3hKzWXbLOXxy
nLO4xzp8Z2ymOH/FLbbtU7Ogjk1yhs418+bHJQ5cYlwG1vExnmUppXXpz6Fs/pnp
CGLhkhziskwFr9C6++LMUjpH4LXs1EVK1lYLVJBKcwhMssJgn/yqCWR0ZDGPN1XG
gf6/U7Tyjz3Jz/oIzw1a6WIany22BGWxHDEoT90o/Uq3UJeJTfdPJ09FsSI=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://marketplace.exampletelco.com/saml/idp/login/1324f505-af41-4a71-8e0b-515a38bef4bb"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
<?xml
version="1.0"
encoding="UTF-8"?>
<saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://www.isv.com/acs"
ID="_ce1e56e1d023c5577d07ba0b895c13bd"
InResponseTo="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA"
IssueInstant="2017-03-13T19:39:02.248Z"
Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://marketplace.exampletelco.com/saml/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_b284310643f158edfca0ae1e22e19bd2"
IssueInstant="2017-03-13T19:39:02.171Z"
Version="2.0"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer>https://marketplace.exampletelco.com/saml/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8</saml2:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#_b284310643f158edfca0ae1e22e19bd2">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="xs"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>AzARsiX+uijCy/
p3vYftXLj7IR0=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>CTPrekQRY5Cb+eNffcr8/o3eHJi+GENbyKxzAIcBP0dpkoSzy6CiZfJjeYxw3TEmGbsT3910x9YYYzcDLCfgz5dZ880Rzo5hQ23dSvSwEhc5QTeMPtbhKK4RCoQj/teGVjxz9U6tsjRjJzILoOPU5DXmbmaz8yvoKvuIXjBYSkOtQmTGPeUBm0HalObkSM1zgycG4BrpRa01HO6xCnZ79IYxYgVEmmwbjOenxN55H6XgcjhSn1JK3fo5UiPeo/qD8KUoR1autT/kyGQ0i039Hh6AH6EicbxKHA5+gDdt20m6ZO/PRXbHhdkJkttMMWL/sENTfjxf/cp+
UhRQ8N2ixA==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICyDCCAbCgAwIBAgIGAVqQG0NgMA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNVBAoMGkNPTVBBTllf
RU5USVRMRU1FTlQtNTM0OTkzMB4XDTE3MDMwMTE3Mzk1MFoXDTIyMDMwMjE3Mzk1MFowJTEjMCEG
A1UECgwaQ09NUEFOWV9FTlRJVExFTUVOVC01MzQ5OTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCv/PJhkC1keMNHn5uSINWwNCNbtfY+CVQYWF4H+GfyiWMZq1woarAt5l9gWRiUxcZN
7YvvDU+YRDZTyc4T5qNoZfww9t4YehqGWj+ZXBGeE8eguXC//nuoiwOYfv2AJ1ZDhtQGSxpbjFNF
9oJjv+l//hNREKSd7qf8CzVRoyc2+Qrx4nMcLcdWgLYAAOF1rtnif91YLNa7f16eI5hvpHEGZRT1
YcUKlpZE9MjRf0EhBxvzYP6kjTE1t1MEHsU5JylJYk3gqzxVmSB2MBIQi5qekgXyV0aIWQbLIBd9
k0xSmJifGGux58ldPi1O/zCRtAG/Wwmc+QEjkamwK97MdQMvAgMBAAEwDQYJKoZIhvcNAQEFBQAD
ggEBAIMWu19fz0a08+NwlJwGWm0oDKqjXAjGDReONizw5HjFlAXCwPUsGvJ2etWyWaY48/oKWxZO
FlkpAJOOVaPAhEI1xZcJNdhqYCUGtcFbQsBX3tIabe3CCU+CQUPEXUVyHMqTJOoRJqImTP2gQH38
15BJpj1F61P2a3/YEJHLB2qaMSH28rUHhRW1ub1syUApjL8w171WRhyqIXEUdc5Xn859EfXzGshB
r6XN9vPHbaaiWCirAq4g9jn/eud/QKChTtNmMgLU1Lsu1gLU4yKPWzXKIYA6mb9kS4LXEA6yFush
QNpFFSqW99N5QWfebwqReIyBwv/
Be4sFtifBYZn90ao=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">john.smith@testcompany.com
</saml2:NameID>
<saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData
InResponseTo="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA"
NotOnOrAfter="2017-03-13T19:49:02.171Z"
Recipient="https://www.isv.com/acs"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions
NotBefore="2017-03-13T19:34:02.171Z"
NotOnOrAfter="2017-03-13T19:49:02.171Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://www.isv.com</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement
AuthnInstant="2017-03-13T19:39:02.171Z"
SessionIndex="_08aae2b77cee92f3a8b259b3a32b6479">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute
Name="Email">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">john.smith@testcompany.com
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute
Name="FirstName">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">John
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute
Name="LastName">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">Smith
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
<?xml
version="1.0"
encoding="UTF-8"?>
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://www.isv.com/acs"
Destination="https://marketplace.exampletelco.com/saml/idp/login/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8"
ID="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA"
IssueInstant="2017-03-13T19:38:09.152Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://www.isv.com
</saml:Issuer>
</samlp:AuthnRequest>