How do you use SAML 2.0 for redirecting a user from website A to website B? Once the user finishes his activity at website B, he should come back to website A , based on results from website B, he should be able to proceed on website A for further activity.
I am also confused with the idea of Service Provider(SP) and Identity Provider(IP). Will website A be a service provider or identity provider and similarly for website B?
My background in SAML 2.0 is literally zero and I am reading documents to understand how to create SAML 2.0 assertion. I am trying to implement this in java.
Does anyone have any good starting primer for understanding SAML 2.0 ?
<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" IssueInstant="2013-04-12T15:43:42.389Z" ID="413be1b7-ac2d-4324-a359-998935f11a66">
-<saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
-<saml2:Assertion Version="2.0" IssueInstant="2013-04-19T20:16:07.090Z" ID="SamlAssertion-25171a8736ed098dde8659e5ba250b5f" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ffx-ffe-w7-15.cgiabccompany.com</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="">test</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"><saml2:NameID>CN=ffx-ffe-w7-15.cgiabccompany.com, OU=ffx, OU=ffe, O=cgifederal, L=Herndon, ST=VA, C=US</saml2:NameID></saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotOnOrAfter="2013-04-19T20:21:08.437Z" NotBefore="2013-04-19T20:14:08.437Z"/>
<saml2:AttributeStatement>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="State Exchange Code">
<saml2:AttributeValue>MD0</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="User Type">
<saml2:AttributeValue>Consumer</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="ABC Company User ID">
<saml2:AttributeValue>[email protected]</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="Transfer Type">
<saml2:AttributeValue>Direct Service</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="Keep Alive URL">
<saml2:AttributeValue>https://www.mycompany.com/extendsession.jsp</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="First Name">
<saml2:AttributeValue>JOHN</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="Middle Name">
<saml2:AttributeValue>FISCHER</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="Last Name">
<saml2:AttributeValue>DOE</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="City Name">
<saml2:AttributeValue>PEORIA</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="State">
<saml2:AttributeValue>IL</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="Zip Code">
<saml2:AttributeValue>20190</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement SessionNotOnOrAfter="2013-04-12T15:43:42.328Z" SessionIndex="session#1" AuthnInstant="2013-04-12T15:43:42.328Z"><saml2:SubjectLocality DNSName="2.175.111.190" Address="1234 Fishy LN, PEORIA, IL 20190"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password
</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>