A Code Example
Because the SAML standard is designed only for the exchange of secure sign-on information between a user, or "relying party," and multiple issuing parties, it allows issuing parties to use their own chosen methods of authentication, for example PKI, hash, or password.
Here, a sample SAML-compliant request is sent from a relying party requesting password authentication by the issuing party.
<samlp:Request ...>
  <samlp:AttributeQuery>
    <saml:Subject>
      <saml:NameIdentifier
        SecurityDomain="sun.com"
        Name="rimap"/>
    </saml:Subject>
    <saml:AttributeDesignator
      AttributeName="Employee_ID"
      AttributeNamespace="sun.com">
    </saml:AttributeDesignator>
  </samlp:AttributeQuery>
</samlp:Request>
In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at time (T).
<samlp:Response
  MajorVersion="1" MinorVersion="0"
  RequestID="128.14.234.20.90123456"
  InResponseTo="123.45.678.90.12345678"
  StatusCode="/features/2002/05/Success">
  <saml:Assertion
    MajorVersion="1" MinorVersion="0"
    AssertionID="123.45.678.90.12345678"
    Issuer="Sun Microsystems, Inc."
    IssueInstant="2002-01-14T10:00:23Z">
    <saml:Conditions
      NotBefore="2002-01-14T10:00:30Z"
      NotAfter="2002-01-14T10:15:00Z" />
    <saml:AuthenticationStatement
      AuthenticationMethod="Password"
      AuthenticationInstant="2001-01-14T10:00:20Z">
      <saml:Subject>
        <saml:NameIdentifier
          SecurityDomain="sun.com"
          Name="rimap" />
      </saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
</samlp:Response>
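The checks a relying party would run before trusting a response in this layout, as an added example that is not part of the original article: it correlates InResponseTo with the request it sent, checks the Issuer, enforces the NotBefore/NotAfter window, and accepts only the authentication methods it allows. The namespace URIs, the IDs in the sample and the names check_response and ts are constructed for illustration; the sample carries no signature, so the code assumes the response arrived over a channel that already authenticates the issuer.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed namespace URIs; the article's sample declares none.
NS = {"saml": "urn:example:saml", "samlp": "urn:example:samlp"}

# Constructed response using the same attribute layout as the article's sample.
SAMPLE = """<samlp:Response xmlns:samlp="urn:example:samlp"
    xmlns:saml="urn:example:saml" InResponseTo="req-0001">
  <saml:Assertion AssertionID="assert-0001" Issuer="Sun Microsystems, Inc."
      IssueInstant="2002-01-14T10:00:23Z">
    <saml:Conditions NotBefore="2002-01-14T10:00:30Z"
        NotAfter="2002-01-14T10:15:00Z"/>
    <saml:AuthenticationStatement AuthenticationMethod="Password"
        AuthenticationInstant="2002-01-14T10:00:20Z">
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="sun.com" Name="rimap"/>
      </saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
</samlp:Response>"""

def ts(value):
    """Parse the UTC timestamp form used in the sample; ValueError if malformed."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, request_id, issuers, methods, now):
    """Return (name, domain, method, auth_time); raise ValueError when a check fails."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before parsing untrusted XML
        raise ValueError("DTD not allowed")
    resp = ET.fromstring(xml_text)
    if resp.get("InResponseTo") != request_id:
        raise ValueError("response does not match our request")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None or assertion.get("Issuer") not in issuers:
        raise ValueError("missing assertion or untrusted issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("no Conditions element")
    if not ts(cond.get("NotBefore", "")) <= now <= ts(cond.get("NotAfter", "")):
        raise ValueError("outside NotBefore/NotAfter window")
    stmt = assertion.find("saml:AuthenticationStatement", NS)
    if stmt is None or stmt.get("AuthenticationMethod") not in methods:
        raise ValueError("authentication method not accepted")
    who = stmt.find("saml:Subject/saml:NameIdentifier", NS)
    if who is None:
        raise ValueError("no subject")
    return (who.get("Name"), who.get("SecurityDomain"),
            stmt.get("AuthenticationMethod"), ts(stmt.get("AuthenticationInstant", "")))
```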