67
Here's the SAML document that the
CarRental service receives
<Response
xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
ID="fff011234"
Version="2.0"
IssueInstant="2005-01-31T12:00:00Z"
Destination="https://www.CarRentalInc.com">
<Status>
<StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
<StatusMessage>Success</StatusMessage>
</Status>
<Assertion
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
Version="2.0"
IssueInstant="2005-01-31T12:00:00Z"
ID="abe567de6">
<Issuer>http://www.AirlineInc.com</Issuer>
<Subject>…</Subject>
<Conditions NotBefore="2005-01-31T12:00:00Z"
NotOnOrAfter="2005-01-31T13:00:00Z"/>
<AuthnStatement
AuthnInstant="2005-01-29T09:32:00Z">
…
</AuthnStatement>
</Assertion>
</Response>
Notice
that there isn't an InResponseTo
attribute (since it is an
unsolicited response).
In
the <Subject> element there is
information that says, "The bearer
of this assertion is the subject
of the assertion." More about this later.