This page shows example SAML 2.0 messages to illustrate how the SURFconext Strong Authentication Gateway uses SAML 2.0 to provide its functionality to Service Providers.
Requesting authentication at a specific LoA
...
Note that all AuthnRequest messages must be signed by the SP using SHA-2. The SP must use the HTTP-REDIRECT binding to submit the request. When using this binding, the signature is put in HTTP request parameters; no XML-Signature is used.
Authentication failure
When a user cancels the authentication at the SURFconext Strong Authentication gateway, the SURFconext Strong Authentication gateway sends a SAML Response back to the SP indicating failure. The reason for the failure is given in the StatusCode in the Response. When the requested LoA cannot be fulfilled, the second-level StatusCode will be "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed".
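One way an SP could read the StatusCode described above and refuse to proceed on anything but success. This is an added example, not code from the original page or from SURFconext. The sample Response is constructed: its IDs, timestamp, StatusMessage and top-level Responder code are assumptions, as are the function names.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
SUCCESS = STATUS + "Success"
AUTHN_FAILED = STATUS + "AuthnFailed"

# Constructed sample of a failure Response (IDs, timestamp, message and the
# top-level Responder code are assumptions, not copied from the gateway).
SAMPLE_FAILURE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed-response-id" InResponseTo="_constructed-request-id"
    Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
    </samlp:StatusCode>
    <samlp:StatusMessage>Authentication cancelled by user</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>
"""

def read_status(response_xml):
    """Return (top_level, second_level, message) from a samlp:Response.

    Signature validation of the Response is out of scope for this example.
    """
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    top = root.find("samlp:Status/samlp:StatusCode", NS)
    if top is None or not top.get("Value"):
        raise ValueError("Response has no StatusCode")
    sub = top.find("samlp:StatusCode", NS)  # optional nested second-level code
    msg = root.findtext("samlp:Status/samlp:StatusMessage", default=None, namespaces=NS)
    return top.get("Value"), (sub.get("Value") if sub is not None else None), msg

def authentication_outcome(response_xml):
    """Map the status to an SP decision; only Success may lead to a session."""
    top, sub, _msg = read_status(response_xml)
    if top == SUCCESS:
        return "continue"  # assertion, signature and LoA checks still follow
    if sub == AUTHN_FAILED:
        return "authn_failed"  # show the user a retry page, create no session
    return "error"  # any other non-success status: fail closed
```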
...