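The following examples illustrate the steps required to configure SAML as the authentication method for your product. These examples are referenced on the Edit authentication page. They appear in this order: an event payload of type SUBSCRIPTION_ORDER whose links array carries the samlIdp URL, the identity provider (IdP) metadata, a SAML response, and the SAML authentication request that the response answers.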
{ "type": "SUBSCRIPTION_ORDER", "marketplace": { "partner": "APPDIRECT", "baseUrl": "https://marketplace.exampletelco.com" }, ... "links": [ { "rel": "samlIdp", "href": "https://marketplace.exampletelco.com/api/account/v2/subscriptions/9b81dd5f-5afb-494e-a337-1fcd7c166f98/saml" } ] }
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Example identity provider (IdP) metadata for one subscription.
  NOTE(review): presumably this is the document served at the samlIdp link of the
  subscription event; confirm against the Edit authentication page.

  A service provider takes three values from it:
    * entityID: the value to expect as Issuer in responses from this IdP;
    * the signing certificate under md:KeyDescriptor use="signing";
    * the SingleSignOnService Location to which authentication requests are sent.

  Retrieve it over HTTPS from the marketplace and store the certificate with the
  subscription. Response signatures should be verified against this stored key.
-->
<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://marketplace.exampletelco.com/saml/1324f505-af41-4a71-8e0b-515a38bef4bb">
  <!--
    WantAuthnRequestsSigned="false": the IdP does not ask for signed authentication
    requests, so a request carries no proof of who sent it. Only HTTP-POST is listed
    as a binding for single sign-on.
  -->
  <md:IDPSSODescriptor
      WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!--
      The only key published is a signing key. It is an X.509 certificate, which has a
      finite validity period. NOTE(review): confirm how a replacement certificate is
      announced so that the service provider can rotate it without an outage.
      The spaces inside the base64 text are kept as printed on this page.
    -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIICyDCCAbCgAwIBAgIGAWDhTY89MA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNVBAoM GkNPTVBBTllfRU5USVRMRU1FTlQtNzI3MzcxMB4XDTE4MDEwOTE4MjA0NFoXDTIz MDExMDE4MjA0NFowJTEjMCEGA1UECgwaQ09NUEFOWV9FTlRJVExFTUVOVC03Mjcz NzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb+Z88P3kUo3jKLeo2 EnOrB2M7gtUEPbAd4TCwGJzCjIs0NuMnVeOoKUEnr+s5TbSRBqp4d4YuLjviILT5 LVABY7r1ODOCou7MmuqWaeiZc0W12FvwjeZ37BdULYTr4pRAZFkdBIaK+AC26r+E v1jr8DgdAWohKWfSFxM3+mB0eWKZzExeewgxUKdBIW83r+puk2jdG05CWkLFzQ9t gN6GcTkD9oQmhxgA8WXANjg7pDfpZ6UaWI2sd55O/OnVDoLKUt4LFZ/1HH8QLRuF RW+meIkc16NVM6QCdreAvTY5phfQQapaLfiGSq/2/i+sWwjSYRazMqgpZOwzJBOp ly7hAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAI6ub/fdEwAeBaNDD19lYXN6iSMq JwKEnhRb6yRR9//GFf2mF7PxPiuYG34h0oOBHH4WraqcMJ1D5aeV9WVIthXDC6zc fvnV5S/CQwB8gOkB+ueVQsuxi4RpbN0RJKOeeMIudTCkSS3N2CaS3hKzWXbLOXxy nLO4xzp8Z2ymOH/FLbbtU7Ogjk1yhs418+bHJQ5cYlwG1vExnmUppXXpz6Fs/pnp CGLhkhziskwFr9C6++LMUjpH4LXs1EVK1lYLVJBKcwhMssJgn/yqCWR0ZDGPN1XG gf6/U7Tyjz3Jz/oIzw1a6WIany22BGWxHDEoT90o/Uq3UJeJTfdPJ09FsSI=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://marketplace.exampletelco.com/saml/idp/login/1324f505-af41-4a71-8e0b-515a38bef4bb"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Example SAML 2.0 Response delivered to the service provider's assertion consumer
  service (Destination="https://www.isv.com/acs"). The markup below is left exactly as
  printed on this page, because the digest covers the canonical form of the Assertion
  and any re-indentation inside it would change that form.
  NOTE(review): the spaces inside the base64 values and after several text values look
  like line-wrapping artifacts; presumably the sample does not verify as printed.

  What the signature covers
    The single ds:Reference points at the Assertion ID
    (#_b284310643f158edfca0ae1e22e19bd2) and uses the enveloped-signature transform, so
    only the Assertion is signed. The outer Response element (Status, Destination,
    InResponseTo) is not covered by any signature. A consumer should read the subject
    and attributes only from the element the verified reference resolved to, and
    should reject a message with more than one Assertion or with an unsigned one.

  Which key to trust
    The certificate in ds:KeyInfo travels inside the message and is a hint only.
    Verify with the signing certificate obtained from the IdP metadata for this
    issuer. The Issuer here ends in c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8, which is not
    the entityID of the metadata example on this page, so the two samples do not
    belong to the same subscription.

  Algorithms
    SignatureMethod is rsa-sha1 and DigestMethod is sha1.
    NOTE(review): SHA-1 is deprecated for signatures; confirm whether the marketplace
    can issue SHA-256 signatures, and what the consuming library accepts by default.

  Checks the consumer is expected to make before creating a session
    * Issuer equals the entityID stored for the subscription.
    * Response Destination and SubjectConfirmationData Recipient equal this ACS URL.
    * Both InResponseTo values equal the ID of a request this service provider issued
      and has not yet seen answered.
    * Current time lies inside Conditions NotBefore / NotOnOrAfter (here 19:34:02 to
      19:49:02 UTC) and before SubjectConfirmationData NotOnOrAfter, with a small
      clock-skew allowance.
    * Audience equals this service provider's entity ID (https://www.isv.com).
    * The Assertion ID has not been accepted before. The confirmation method is
      bearer, so possession of the message is all that is needed to present it.

  Data carried
    NameID uses the unspecified format and holds an e-mail style value; Email,
    FirstName and LastName are sent as attributes. The Assertion is not encrypted, so
    confidentiality of these values rests on the transport.
-->
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://www.isv.com/acs" ID="_ce1e56e1d023c5577d07ba0b895c13bd" InResponseTo="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA" IssueInstant="2017-03-13T19:39:02.248Z" Version="2.0"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://marketplace.exampletelco.com/saml/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8 </saml2:Issuer> <saml2p:Status> <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </saml2p:Status> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b284310643f158edfca0ae1e22e19bd2" IssueInstant="2017-03-13T19:39:02.171Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <saml2:Issuer>https://marketplace.exampletelco.com/saml/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8</saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_b284310643f158edfca0ae1e22e19bd2"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>AzARsiX+uijCy/ p3vYftXLj7IR0= </ds:DigestValue> </ds:Reference> </ds:SignedInfo> 
<ds:SignatureValue>CTPrekQRY5Cb+eNffcr8/o3eHJi+GENbyKxzAIcBP0dpkoSzy6CiZfJjeYxw3TEmGbsT3910x9YYYzcDLCfgz5dZ880Rzo5hQ23dSvSwEhc5QTeMPtbhKK4RCoQj/teGVjxz9U6tsjRjJzILoOPU5DXmbmaz8yvoKvuIXjBYSkOtQmTGPeUBm0HalObkSM1zgycG4BrpRa01HO6xCnZ79IYxYgVEmmwbjOenxN55H6XgcjhSn1JK3fo5UiPeo/qD8KUoR1autT/kyGQ0i039Hh6AH6EicbxKHA5+gDdt20m6ZO/PRXbHhdkJkttMMWL/sENTfjxf/cp+ UhRQ8N2ixA== </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIICyDCCAbCgAwIBAgIGAVqQG0NgMA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNVBAoMGkNPTVBBTllf RU5USVRMRU1FTlQtNTM0OTkzMB4XDTE3MDMwMTE3Mzk1MFoXDTIyMDMwMjE3Mzk1MFowJTEjMCEG A1UECgwaQ09NUEFOWV9FTlRJVExFTUVOVC01MzQ5OTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCv/PJhkC1keMNHn5uSINWwNCNbtfY+CVQYWF4H+GfyiWMZq1woarAt5l9gWRiUxcZN 7YvvDU+YRDZTyc4T5qNoZfww9t4YehqGWj+ZXBGeE8eguXC//nuoiwOYfv2AJ1ZDhtQGSxpbjFNF 9oJjv+l//hNREKSd7qf8CzVRoyc2+Qrx4nMcLcdWgLYAAOF1rtnif91YLNa7f16eI5hvpHEGZRT1 YcUKlpZE9MjRf0EhBxvzYP6kjTE1t1MEHsU5JylJYk3gqzxVmSB2MBIQi5qekgXyV0aIWQbLIBd9 k0xSmJifGGux58ldPi1O/zCRtAG/Wwmc+QEjkamwK97MdQMvAgMBAAEwDQYJKoZIhvcNAQEFBQAD ggEBAIMWu19fz0a08+NwlJwGWm0oDKqjXAjGDReONizw5HjFlAXCwPUsGvJ2etWyWaY48/oKWxZO FlkpAJOOVaPAhEI1xZcJNdhqYCUGtcFbQsBX3tIabe3CCU+CQUPEXUVyHMqTJOoRJqImTP2gQH38 15BJpj1F61P2a3/YEJHLB2qaMSH28rUHhRW1ub1syUApjL8w171WRhyqIXEUdc5Xn859EfXzGshB r6XN9vPHbaaiWCirAq4g9jn/eud/QKChTtNmMgLU1Lsu1gLU4yKPWzXKIYA6mb9kS4LXEA6yFush QNpFFSqW99N5QWfebwqReIyBwv/ Be4sFtifBYZn90ao= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">john.smith@testcompany.com </saml2:NameID> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml2:SubjectConfirmationData 
InResponseTo="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA" NotOnOrAfter="2017-03-13T19:49:02.171Z" Recipient="https://www.isv.com/acs"/> </saml2:SubjectConfirmation> </saml2:Subject> <saml2:Conditions NotBefore="2017-03-13T19:34:02.171Z" NotOnOrAfter="2017-03-13T19:49:02.171Z"> <saml2:AudienceRestriction> <saml2:Audience>https://www.isv.com</saml2:Audience> </saml2:AudienceRestriction> </saml2:Conditions> <saml2:AuthnStatement AuthnInstant="2017-03-13T19:39:02.171Z" SessionIndex="_08aae2b77cee92f3a8b259b3a32b6479"> <saml2:AuthnContext> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef> </saml2:AuthnContext> </saml2:AuthnStatement> <saml2:AttributeStatement> <saml2:Attribute Name="Email"> <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">john.smith@testcompany.com </saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="FirstName"> <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">John </saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="LastName"> <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Smith </saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement> </saml2:Assertion> </saml2p:Response>
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Example SAML 2.0 authentication request sent by the service provider
  (Issuer https://www.isv.com) to the marketplace IdP login endpoint.

  The request contains no ds:Signature element. The IdP metadata example on this page
  declares WantAuthnRequestsSigned="false", so an unsigned request is accepted.

  ID
    The response example on this page echoes this value in InResponseTo, both on the
    Response and on SubjectConfirmationData. The service provider should generate an
    unpredictable ID per request, remember it for the user's pending login, and
    accept a response only when the echoed value matches and has not been used.

  AssertionConsumerServiceURL
    NOTE(review): the request is unsigned, so this value is not authenticated.
    Confirm that the marketplace delivers the response only to the ACS URL
    registered for the product and not to whatever URL a request names.

  Issuer
    NOTE(review): the Issuer text as printed ends with a space, presumably a
    formatting artifact of this page; it is kept unchanged here. Confirm that a real
    request carries the entity ID without surrounding whitespace.
-->
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_2CAAAAVtZX3lYME8wQTAwMDAwMDAwMDAzAAAAzvuJvcL_kWAbzchKB6aZbvbWSsygYVe6tvnG_1X13kwKjVKC8Fx0mhYBGRmDBwzXN8Ec8qZEXKEij_47Or67wm9M5WV1pQTBoCB0gpEBaiIRnJ10Svb3E8yjXLMVvFBgAHat4vSlJwonJKEtuDMrP85X8oLkpbnugB30Uv3sijcdElUzPPqX40UviK467N-0pHMnArPstT8Sw7baFfxeBlu0uAybRrcs_-7pvNNBjzYOyNxFr1mHF096aCjQ2negLA"
    Version="2.0"
    IssueInstant="2017-03-13T19:38:09.152Z"
    Destination="https://marketplace.exampletelco.com/saml/idp/login/c5dc9b6f-e4c8-4ffc-83eb-6ad7eabf6fa8"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://www.isv.com/acs">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://www.isv.com </saml:Issuer>
</samlp:AuthnRequest>