SAML Assertions, Subjects and Attributes

The following is an example SAML assertion including a SAML subject and a number of SAML attributes.
The SAML subject identifies the user whose identity is being asserted by the identity provider.
The SAML attributes include additional information provided by the identity provider.

<saml:Assertion Version="2.0" ID="_db28e69a-f5cf-440d-b5b2-bf789b5b750f" IssueInstant="2014-02-22T01:17:27.948Z"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>urn:componentspace:ExampleIdentityProvider</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">idp-user</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2014-02-22T01:20:27.956Z"
          Recipient="http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2014-02-22T01:14:27.95Z" NotOnOrAfter="2014-02-22T01:20:27.95Z">
    <saml:AudienceRestriction>
      <saml:Audience>urn:componentspace:ExampleServiceProvider</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2014-02-22T01:17:27.958Z"
      SessionIndex="_db28e69a-f5cf-440d-b5b2-bf789b5b750f">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="membership-level">
      <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">platinum</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="membership-number">
      <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">12345678</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
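What a service provider has to check in an assertion like the one above before it trusts the subject and attributes, as an added example in Python (not ComponentSpace code; the ComponentSpace library is C#/.NET and does this work for you). The XML signature is assumed to have been verified already by the SAML library; the checks below are the ones that must follow it, because a correctly signed assertion can still be expired, replayed, or minted for a different service provider. The EXPECTED_* constants are assumed service-provider configuration mirroring the example values, and SAMPLE_ASSERTION is a constructed, unsigned copy of the assertion above.

```python
"""SP-side checks on a SAML 2.0 bearer assertion (added example, stdlib only).
Signature verification is assumed done by the SAML library; these checks must follow it,
since a correctly signed assertion can still be expired, replayed or meant for another SP."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# What this service provider expects: configuration, never taken from the message (assumed values).
EXPECTED_ISSUER = "urn:componentspace:ExampleIdentityProvider"
EXPECTED_AUDIENCE = "urn:componentspace:ExampleServiceProvider"
EXPECTED_RECIPIENT = "http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"

# Constructed sample: the assertion from the post above, unsigned, with the same values.
SAMPLE_ASSERTION = """\
<saml:Assertion Version="2.0" ID="_db28e69a-f5cf-440d-b5b2-bf789b5b750f"
 IssueInstant="2014-02-22T01:17:27.948Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Issuer>urn:componentspace:ExampleIdentityProvider</saml:Issuer>
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">idp-user</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData NotOnOrAfter="2014-02-22T01:20:27.956Z"
    Recipient="http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"/>
  </saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions NotBefore="2014-02-22T01:14:27.95Z" NotOnOrAfter="2014-02-22T01:20:27.95Z">
  <saml:AudienceRestriction><saml:Audience>urn:componentspace:ExampleServiceProvider</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="membership-level">
   <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">platinum</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="membership-number">
   <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">12345678</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>
"""
_DATETIME = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")


def parse_instant(value):
    """xs:dateTime in UTC ('...Z', any number of fraction digits) -> aware datetime."""
    m = _DATETIME.match(value)
    if not m:
        raise ValueError(f"unsupported xs:dateTime: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return base + timedelta(microseconds=int((m.group(2) or "0")[:6].ljust(6, "0")))


def validate_assertion(xml_text, now, *, issuer=EXPECTED_ISSUER, audience=EXPECTED_AUDIENCE,
                       recipient=EXPECTED_RECIPIENT, skew=timedelta(0)):
    """Return subject and attributes, or raise ValueError on the first failed check."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion" or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 Assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise ValueError("unexpected Issuer")
    # Conditions: validity window, then the audience the assertion was minted for.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before is not None and now + skew < parse_instant(not_before):
        raise ValueError("assertion not yet valid")
    if not_on_or_after is None or now - skew >= parse_instant(not_on_or_after):
        raise ValueError("assertion expired")
    if audience not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not intended for this service provider")
    # Subject: accept only a bearer confirmation addressed to our own ACS URL and still live.
    subject = root.find("saml:Subject", NS)
    name_id = subject.find("saml:NameID", NS) if subject is not None else None
    if name_id is None or not name_id.text:
        raise ValueError("missing NameID")
    for sc in subject.findall("saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None or data.get("Recipient") != recipient:
            continue
        expiry = data.get("NotOnOrAfter")
        if expiry is not None and now - skew < parse_instant(expiry):
            break
    else:
        raise ValueError("no acceptable bearer SubjectConfirmation")
    # Attributes: a name may carry several values, so keep a list per name.
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes.setdefault(attr.get("Name"), []).extend(
            v.text or "" for v in attr.findall("saml:AttributeValue", NS))
    return {"id": root.get("ID"),  # store IDs seen within the window to reject replays
            "name_id": name_id.text, "name_id_format": name_id.get("Format"),
            "attributes": attributes}


def is_acceptable(xml_text, now, **expectations):
    """True if validate_assertion accepts the assertion, False on any ValueError."""
    try:
        validate_assertion(xml_text, now, **expectations)
        return True
    except ValueError:
        return False
```

Run against the sample at 2014-02-22T01:17:30Z it returns idp-user with the two attributes; a minute later the Conditions window has closed and it raises. Every comparison is against the service provider's own configuration (issuer, audience, ACS URL), never against values read from the message, and the returned ID should be remembered for the length of the validity window so a replayed copy of the same assertion is rejected, which the signature alone does not prevent.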

[quote]
ComponentSpace - 2/21/2014
The following is an example SAML assertion including a SAML subject and a number of SAML attributes.
The SAML subject identifies the user whose identity is being asserted by the identity provider.
The SAML attributes include additional information provided by the identity provider.
[/quote]

Hi,
I need to know how we can set the below in . Please do the needful, this is very much required to configure one of our clients.
xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

This is done automatically if you’re using the SAML high level API which is the recommended approach.
When you call SAMLIdentityProvider.InitiateSSO or SAMLIdentityProvider.SendSSO, the xsi:type and namespace declarations are included automatically with the SAML attribute value.
The example SAML assertion above was generated using the high-level API.
If you’re generating a SAML assertion but these fields are not included, please include a section of your code.

[quote]
ComponentSpace - 11/28/2016
This is done automatically if you're using the SAML high level API which is the recommended approach.
When you call SAMLIdentityProvider.InitiateSSO or SAMLIdentityProvider.SendSSO, the xsi:type and namespace declarations are included automatically with the SAML attribute value.
The example SAML assertion above was generated using the high-level API.
If you're generating a SAML assertion but these fields are not included, please include a section of your code.
[/quote]

Hey,
Thanks a lot. In my case I had to use
IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
Doesn't this work out?
I tried the below scenario, which amazingly worked out; do let me know if this is the correct way (highlighted change).

AttributeStatement attributeStatement = new AttributeStatement();
SAMLAttribute samlattribute = new SAMLAttribute(p.Name, SAMLIdentifiers.AttributeNameFormats.Unspecified, null,"xs:string", Convert.ToString(p.GetValue(profile, null)));
attributeStatement.Attributes.Add(samlattribute);
samlAssertion.Statements.Add(attributeStatement);

That’s correct. This is part of the SAML low-level API. You specify the attribute type in the constructor.

[quote]
ComponentSpace - 11/28/2016
That's correct. This is part of the SAML low-level API. You specify the attribute type in the constructor.
[/quote]

Thanks a lot for the quick response :)

You’re welcome. :slight_smile:

I want to generate SAML as below and I am using the below C# .NET code with ComponentSpace.SAML Version 2.1.
I am pasting the section of code I am using to generate this, but I am not sure how to add array-like or list-like data in an attribute, i.e. multiple attribute values inside an attribute as below.
Please help here.
AttributeStatement attStatement = new AttributeStatement();
foreach (SAMLModuleAttribute attb in lstAttributes)
{
    attStatement.Attributes.Add(new SAMLAttribute(attb.AttributeName, SAMLIdentifiers.AttributeNameFormats.Basic, attb.FriendlyName, attb.AttributeValue));
}

I also tried attStatement.Attributes.Add(new SAMLAttribute(attb.AttributeName, SAMLIdentifiers.AttributeNameFormats.Unspecified, null, "xs:string", attb.AttributeValue))
but it isn't allowed as it gives the compile-time error "SAMLAttribute does not contain a constructor that takes 5 arguments."
In the above code AttributeName=Entity
and the AttributeValues will be entity-value1 and entity-desc1 etc.
Please help me to resolve this.
<saml:Attribute Name="Entity" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
  <saml:AttributeValue xsi:type="xs:string">entity-value1</saml:AttributeValue>
  <saml:AttributeValue xsi:type="xs:string">entity-desc1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Entity" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
  <saml:AttributeValue xsi:type="xs:string">entity-value2</saml:AttributeValue>
  <saml:AttributeValue xsi:type="xs:string">entity-desc2</saml:AttributeValue>
</saml:Attribute>

Thanks,
Amol

Version 2.1 is quite old so it's possible the overload you're trying to use doesn't exist in that version.
The following code creates the two attributes each with the two specified attribute values.

// The statement your own code already creates; each SAMLAttribute holds a list of values.
AttributeStatement attributeStatement = new AttributeStatement();

SAMLAttribute samlAttribute = new SAMLAttribute();
samlAttribute.Name = "Entity";
samlAttribute.NameFormat = SAMLIdentifiers.AttributeNameFormats.Basic;
// One AttributeValue per value; the first argument is the xsi:type.
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-value1"));
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-desc1"));

attributeStatement.Attributes.Add(samlAttribute);

// A second saml:Attribute with the same Name is allowed; it is added as a separate attribute.
samlAttribute = new SAMLAttribute();
samlAttribute.Name = "Entity";
samlAttribute.NameFormat = SAMLIdentifiers.AttributeNameFormats.Basic;
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-value2"));
samlAttribute.Values.Add(new AttributeValue("xs:string", "entity-desc2"));

attributeStatement.Attributes.Add(samlAttribute);
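What the low-level call above has to put on the wire, as an added example in Python (not ComponentSpace code, which is C#/.NET). It covers both questions in this thread: the earlier one about where xsi:type and the xs/xsi namespace declarations come from, and this one about several saml:AttributeValue children under one saml:Attribute. The point it makes is that xsi:type is a namespaced attribute, so a namespace-aware serializer declares xmlns:xsi by itself, but its value "xs:string" is a QName inside content, so the xs prefix must be declared explicitly or a receiver cannot resolve the type. ENTITY_ATTRIBUTES is constructed from the Entity values in the question; build_attribute_statement, attribute_values and value_types are names chosen here.

```python
"""Build a saml:AttributeStatement with multi-valued, typed attribute values.
Added example, not ComponentSpace code; standard library only."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XS_NS = "http://www.w3.org/2001/XMLSchema"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
NS = {"saml": SAML_NS}

ET.register_namespace("saml", SAML_NS)
ET.register_namespace("xsi", XSI_NS)


def build_attribute_statement(attributes):
    """attributes: list of (name, [value, ...]). A name may repeat, which is how
    the 'Entity' attribute in the question above appears twice."""
    stmt = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for name, values in attributes:
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=name, NameFormat=BASIC)
        for value in values:
            av = ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue")
            # xsi:type is a namespaced *attribute*: the serializer declares xmlns:xsi itself.
            av.set(f"{{{XSI_NS}}}type", "xs:string")
            # Its *value* "xs:string" is a QName in content; the serializer cannot see that the
            # 'xs' prefix is in use, so declare it by hand or the type is unresolvable downstream.
            av.set("xmlns:xs", XS_NS)
            # Assigning .text makes ElementTree escape <, > and &; never splice raw profile
            # strings into SAML XML by string concatenation.
            av.text = value
    return stmt


def to_xml(stmt):
    return ET.tostring(stmt, encoding="unicode")


def attribute_values(xml_text):
    """Parse an AttributeStatement back into {name: [values]}, merging repeated names."""
    out = {}
    for attr in ET.fromstring(xml_text).findall("saml:Attribute", NS):
        out.setdefault(attr.get("Name"), []).extend(
            v.text or "" for v in attr.findall("saml:AttributeValue", NS))
    return out


def value_types(xml_text):
    """The xsi:type of every AttributeValue as seen by a namespace-aware parser."""
    root = ET.fromstring(xml_text)
    return [v.get(f"{{{XSI_NS}}}type") for v in root.iter(f"{{{SAML_NS}}}AttributeValue")]


# Constructed input: the two Entity attributes from the question above.
ENTITY_ATTRIBUTES = [("Entity", ["entity-value1", "entity-desc1"]),
                     ("Entity", ["entity-value2", "entity-desc2"])]

if __name__ == "__main__":
    print(to_xml(build_attribute_statement(ENTITY_ATTRIBUTES)))
```

Parsing the output back shows why the declarations matter: a namespace-aware parser reports xsi:type for every value only because xmlns:xsi is declared on the statement and xmlns:xs on each value. Values are set as element text rather than concatenated, so a profile field containing `<` or `&` is escaped and round-trips unchanged instead of becoming extra markup in the assertion.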


Hi,

Can I add an email subject with a High Level API?

Yes. It’s quite common for the SAML subject/Name ID to be an email address.
The userName parameter to SAMLIdentityProvider.InitiateSSO/SendSSO becomes the SAML subject/Name ID.

Hi,

Many thanks!

You’re welcome!