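<!--
  testdata/assertion.xml (saml2aws v2.17.0): sample SAML 2.0 Response addressed
  to the AWS sign-in endpoint. It lives under testdata/, so it is presumably a
  parsing fixture.

  Limits of this fixture:
    * DigestValue, SignatureValue and X509Certificate are the placeholder "XXX",
      so the signature can never verify. It is suitable for parsing and
      attribute-extraction tests only, not for signature-validation tests.
    * Every timestamp is fixed in September 2016, so a consumer that enforces
      NotBefore / NotOnOrAfter will treat the assertion as expired.
    * 123123123123 and the example.com names are dummy values.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                ID="_8d1930ff-0fdd-4707-b437-48a334aa096e"
                Version="2.0"
                IssueInstant="2016-09-10T02:54:39.387Z"
                Destination="https://signin.aws.amazon.com/saml"
                Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://id.example.com/adfs/services/trust</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <!-- The default namespace declared here applies to every unprefixed descendant element. -->
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
             ID="_f85be5f5-584c-4711-8c9d-5b13c4c49f89"
             IssueInstant="2016-09-10T02:54:39.386Z"
             Version="2.0">
    <Issuer>http://id.example.com/adfs/services/trust</Issuer>
    <!--
      Enveloped signature over the Assertion only: the Reference URI below equals
      the Assertion ID, and the enclosing Response carries no signature of its
      own. A consumer that verifies signatures has to confirm that the Assertion
      it reads is the element this Reference resolves to.
    -->
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#_f85be5f5-584c-4711-8c9d-5b13c4c49f89">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>XXX</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>XXX</ds:SignatureValue>
      <!--
        KeyInfo is unprefixed but rebinds the default namespace to xmldsig, so it
        is in the same namespace as its ds: children. A certificate embedded in
        the message is not a trust anchor by itself; a verifier compares it with
        the certificate configured for the identity provider.
      -->
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>XXX</ds:X509Certificate>
        </ds:X509Data>
      </KeyInfo>
    </ds:Signature>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">EXAMPLE\wolfeidau</NameID>
      <!--
        Bearer confirmation: no proof of key possession is bound to the subject.
        The confirmation window closes five minutes after the Response
        IssueInstant, and Recipient equals the Response Destination.
      -->
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData NotOnOrAfter="2016-09-10T02:59:39.387Z" Recipient="https://signin.aws.amazon.com/saml"/>
      </SubjectConfirmation>
    </Subject>
    <!-- One-hour validity window, restricted to the AWS audience. -->
    <Conditions NotBefore="2016-09-10T02:54:39.371Z" NotOnOrAfter="2016-09-10T03:54:39.371Z">
      <AudienceRestriction>
        <Audience>urn:amazon:webservices</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
        <AttributeValue>wolfeidau@example.com</AttributeValue>
      </Attribute>
      <!--
        Each Role value is a comma-separated pair: the SAML provider ARN first,
        then the role ARN. Two roles are offered for the same account.
      -->
      <Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <AttributeValue>arn:aws:iam::123123123123:saml-provider/ExampleADFS,arn:aws:iam::123123123123:role/AWS-Admin-CloudOPSBuild</AttributeValue>
        <AttributeValue>arn:aws:iam::123123123123:saml-provider/ExampleADFS,arn:aws:iam::123123123123:role/AWS-Admin-CloudOPSNonProd</AttributeValue>
      </Attribute>
      <!--
        SessionDuration is 28800 seconds (8 hours). This attribute is the only
        element written with the saml2: prefix, and no ancestor binds that
        prefix, so it is declared locally here, in the same way the
        AttributeValue below declares xs and xsi. Without the declaration a
        namespace-aware parser rejects the document. The signature values are
        placeholders, so the added declaration invalidates nothing.
      -->
      <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Name="https://aws.amazon.com/SAML/Attributes/SessionDuration" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">28800</saml2:AttributeValue>
      </saml2:Attribute>
    </AttributeStatement>
    <!-- SessionIndex reuses the Assertion ID in this fixture. -->
    <AuthnStatement AuthnInstant="2016-09-10T02:54:39.227Z" SessionIndex="_f85be5f5-584c-4711-8c9d-5b13c4c49f89">
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>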