examples/verify4-bad-tmpl.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

<?xml version="1.0" encoding="UTF-8"?>
<!-- 
XML Security Library example: A simple bad SAML response template (verify4 example). 

Sign it using the following command (replace __ with double dashes):

 ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4--bad-res.xml verify4-bad-tmpl.xml
-->
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC">
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <dsig:XPath xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol" >
              count(ancestor-or-self::samlp_xpath:Response |
              here()/ancestor::samlp_xpath:Response[1]) =
              count(ancestor-or-self::samlp_xpath:Response)
            </dsig:XPath>
          </dsig:Transform>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue/>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue/>
    <dsig:KeyInfo>
      <dsig:X509Data/>
    </dsig:KeyInfo>
  </dsig:Signature>
  <Status>
    <StatusCode Value="samlp:Success"/>
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0">
    <Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">
      <AudienceRestrictionCondition>
        <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience>
      </AudienceRestrictionCondition>
    </Conditions>
    <AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod">
      <Subject>
        <NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu">foo</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
      <SubjectLocality IPAddress="127.0.0.1"/>
      <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/>
    </AuthenticationStatement>
  </Assertion>
</Response>