summaryrefslogtreecommitdiff
path: root/examples/verify4-bad-tmpl.xml
diff options
context:
space:
mode:
Diffstat (limited to 'examples/verify4-bad-tmpl.xml')
-rw-r--r--examples/verify4-bad-tmpl.xml54
1 files changed, 54 insertions, 0 deletions
diff --git a/examples/verify4-bad-tmpl.xml b/examples/verify4-bad-tmpl.xml
new file mode 100644
index 00000000..5cd026f3
--- /dev/null
+++ b/examples/verify4-bad-tmpl.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: A simple bad SAML response template (verify4 example).
+
+Sign it using the following command (replace __ with double dashes):
+
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4--bad-res.xml verify4-bad-tmpl.xml
+-->
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol" >
+ count(ancestor-or-self::samlp_xpath:Response |
+ here()/ancestor::samlp_xpath:Response[1]) =
+ count(ancestor-or-self::samlp_xpath:Response)
+ </dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue/>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue/>
+ <dsig:KeyInfo>
+ <dsig:X509Data/>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"/>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0">
+ <Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">
+ <AudienceRestrictionCondition>
+ <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod">
+ <Subject>
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu">foo</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"/>
+ <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>