locked
Attributes/Transform Rule assistance request RRS feed

  • Question

  • Hello, I am attempting to set up a SAML assertion for an endpoint, and have not been successful in get the settings correct after several tries. The vendor I am working with gave me example SAML assertion data that has worked for their other clients, which I will post below. I am hoping that someone can decipher the below for me and help me determine what Attributes to send, and/or transform rules that I need to apply to get the same output.

          <saml2:Subject>
             <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pkondar</saml2:NameID>
             <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData NotOnOrAfter="2017-09-21T12:22:50Z" Recipient="https://endpoint.example.com/accounts/login/receive-id" />
             </saml2:SubjectConfirmation>
          </saml2:Subject>
          <saml2:Conditions NotBefore="2017-09-21T12:09:50Z" NotOnOrAfter="2017-09-21T12:22:50Z">
             <saml2:AudienceRestriction>
                <saml2:Audience>client.endpoint.example.com</saml2:Audience>
             </saml2:AudienceRestriction>
          </saml2:Conditions>
          <saml2:AuthnStatement AuthnInstant="2017-09-21T12:12:50Z" SessionIndex="_9506bec9f979d168465b9defc3febc1b4fcd08">
             <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
             </saml2:AuthnContext>
          </saml2:AuthnStatement>
          <saml2:AttributeStatement>
             <saml2:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml2:AttributeValue>pkondar@client.com</saml2:AttributeValue>
             </saml2:Attribute>
             <saml2:Attribute Name="NameID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml2:AttributeValue>pkondar</saml2:AttributeValue>
             </saml2:Attribute>
          </saml2:AttributeStatement>
       </saml2:Assertion>

    Wednesday, December 27, 2017 5:26 PM

Answers