
This page shows example SAML 2.0 messages to illustrate how the SURFconext Strong Authentication Gateway uses SAML 2.0 to provide its functionality to Service Providers.


Requesting authentication at a specific LoA

...

Note that all AuthnRequest messages must be signed by the SP using SHA-2. The SP must use the HTTP-REDIRECT binding to submit the request. When using this binding, the signature is put in HTTP request parameters; no XML-Signature is used.
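To make the "signature in HTTP request parameters" point concrete, the following added example (not part of the original page or of the gateway's code) rebuilds the exact bytes that the `Signature` parameter covers under the SAML 2.0 HTTP-Redirect binding and rejects any `SigAlg` that is not SHA-2. The accepted algorithm URIs and the sample XML are assumptions; the RSA verification over the returned bytes with the SP's public key is left to a crypto library.

```python
import base64
import zlib
from urllib.parse import quote, unquote

# SHA-2 signature algorithm URIs (XML-DSig identifiers). Which of these the
# gateway accepts is an assumption; the page only says "SHA-2".
SHA2_SIGALGS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}

# Constructed sample, not a message taken from the page.
SAMPLE_XML = '<samlp:AuthnRequest ID="_constructed" Version="2.0"/>'

def encode_request(xml: str) -> str:
    """Raw DEFLATE (no zlib header), then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return quote(base64.b64encode(raw), safe="")

def decode_request(encoded: str) -> str:
    """Inverse of encode_request, for inspecting a received AuthnRequest."""
    return zlib.decompress(base64.b64decode(unquote(encoded)), -15).decode("utf-8")

def signed_octets(raw_query: str) -> bytes:
    """Return the bytes covered by the Signature parameter.

    Values are used exactly as they appear on the wire (still URL-encoded),
    in the fixed order SAMLRequest, RelayState (if present), SigAlg.
    """
    params = {}
    for pair in raw_query.split("&"):
        name, _, value = pair.partition("=")
        if name in params:
            raise ValueError(f"duplicate parameter: {name}")
        params[name] = value
    for required in ("SAMLRequest", "SigAlg", "Signature"):
        if required not in params:
            raise ValueError(f"missing parameter: {required}")
    if unquote(params["SigAlg"]) not in SHA2_SIGALGS:
        raise ValueError("SigAlg is not a SHA-2 algorithm")
    order = [n for n in ("SAMLRequest", "RelayState", "SigAlg") if n in params]
    return "&".join(f"{n}={params[n]}" for n in order).encode("ascii")
```

Re-encoding the decoded parameter values before verifying is a common cause of signature mismatches, which is why the function works on the raw query string.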

Authentication failure

When a user cancels the authentication at the SURFconext Strong Authentication Gateway, the gateway sends a SAML Response back to the SP indicating failure. The reason for the failure is given in the StatusCode in the Response. When the requested LoA cannot be fulfilled, the second-level StatusCode will be "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed".

...