Suomi.fi e-Identification – Identification request (AuthnRequest)

Authentication requests can be made using the HTTP-Redirect (GET) and HTTP-POST SAML2 profiles. Suomi.fi e-Identification sends the reply using the HTTP-POST profile.

In these examples, the SAML messages are shown in their original format, before they are converted to the format transmitted between the devices.

HTTP-POST

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     AssertionConsumerServiceURL="https://kalastus.mallikunta.fi/SAML/ACS/POST"
                     Destination="https://testi.apro.tunnistus.fi/idp/profile/SAML2/POST/SSO"
                     ID="_3dafe578-c764-481e-b89f-e0ee85c2b306"
                     IssueInstant="2017-07-12T09:54:57.414Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     Version="2.0"
                     >
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://kalastus.mallikunta.fi</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <ds:Reference URI="#_3dafe578-c764-481e-b89f-e0ee85c2b306">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <ds:DigestValue>HöpÖHöPölBnxrFe5XoDuyVlSj2VWe11TA4/qcKqcPa4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HöpÖHöPörEMmIJCCjIZlRvk2xSml9rcWEo68XNUEr6WdznftP5uIb4BpkJ5OIucijM18+5bO8KcNGaehrJUdYj9HJsEhA+8qdnrVxB3zzAjj04EcFcEIwOUfW87Xon+9HICNUkn6RtgC77o7W+kdN4nZaDfmOXg77sFCjG53N8tlkt0sdRPS4z2AoDlzFbVM1iN35KNlMJexMRPZJH2RrD8DfBWA/3bA4/FEZu+6fQIwI4kVrkvAAZYgU6AOIaibSAGTVBSiunzG7bEiK9ZMum/pfF3L8NBxos39XamzxtQJV9fAx+A6rjnF2LkbVj6b6HR4CtrhWK7qBc3PA9Q0aQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIC9jCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBlzELMAkGA1UEBhMCZmkx...</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2:Conditions xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                      NotOnOrAfter="2017-07-12T09:55:57.414Z"
                      >
    </saml2:Conditions>
</saml2p:AuthnRequest>

 

HTTP-Redirect

The XML message that is sent, Base64-encoded, as the value of the SAMLRequest query parameter:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://kalastus.mallikunta.fi/SAML/ACS/POST" Destination="https://testi.apro.tunnistus.fi/idp/profile/SAML2/Redirect/SSO" ForceAuthn="false" ID="pfxbcd913e4-8445-dfdd-1514-4af1274b7fc9" IsPassive="false" IssueInstant="2017-05-24T10:24:29.735Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://kalastus.mallikunta.fi</saml2:Issuer>
  <saml2p:Extensions>
    <vetuma xmlns="urn:vetuma:SAML:2.0:extensions">
      <LG>fi</LG>
    </vetuma>
  </saml2p:Extensions>
</saml2p:AuthnRequest> 
RelayState: ss:mem:c2f6636c55d310a2f9f54ce6dbc739e78cdf8e535d2e6471c5af72293a863ed1
SigAlg: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature: cIDNsNlff9t9g9NTsYRcchD0K34/4jHEK/B8tHIqUJuETrEYN4QMxtRiAPI5P0f5WYfSVHkFkhz2k9lCAa6BGHlymLcA7qloZKFRFzefoS99rqiC7RkueJr21UBuwUgr/37Iw4ecbFA6SPQ7aUDujEExktEHWrucg4XfEpqpFtU=
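
An added example, not part of the original documentation: in the SAML 2.0 HTTP-Redirect binding the request XML is DEFLATE-compressed before Base64 encoding, and the Signature parameter covers the URL-encoded string SAMLRequest=...&RelayState=...&SigAlg=... in that fixed order. The Python code below builds that string on the sending side and, on the receiving side, rebuilds it from the values exactly as received and decodes the request defensively. The function names, the 64 KiB size cap and the sample request are assumptions, and the RSA-SHA256 verification over the returned bytes is left to a cryptographic library.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML_BYTES = 64 * 1024  # assumed cap; guards against decompression bombs
SIGNED_ORDER = ("SAMLRequest", "RelayState", "SigAlg")  # order fixed by the binding

def build_signed_query(xml: str, relay_state: str, sig_alg: str) -> str:
    """Sender: raw DEFLATE + Base64 + URL-encode; the returned string is what gets signed."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw stream, no zlib header
    b64 = base64.b64encode(c.compress(xml.encode("utf-8")) + c.flush()).decode("ascii")
    values = {"SAMLRequest": b64, "RelayState": relay_state, "SigAlg": sig_alg}
    return "&".join(f"{k}={quote(values[k], safe='')}" for k in SIGNED_ORDER if values[k])

def raw_params(raw_query: str) -> dict:
    """Receiver: split the query without decoding; reject repeated parameters."""
    params = {}
    for pair in raw_query.split("&"):
        key, _, value = pair.partition("=")
        if key in params:
            raise ValueError(f"duplicate query parameter: {key}")
        params[key] = value
    return params

def signed_octets(raw_query: str) -> bytes:
    """Receiver: bytes the Signature must verify against, taken as received (no re-encoding)."""
    params = raw_params(raw_query)
    if not {"SAMLRequest", "SigAlg", "Signature"} <= params.keys():
        raise ValueError("unsigned or incomplete redirect request")
    return "&".join(f"{k}={params[k]}" for k in SIGNED_ORDER if k in params).encode("ascii")

def inflate_request(raw_query: str) -> ET.Element:
    """Receiver: decode SAMLRequest with a size cap, refusing DTDs."""
    data = base64.b64decode(unquote(raw_params(raw_query)["SAMLRequest"]), validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(data, MAX_XML_BYTES)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized message or DTD present")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    return root

# Constructed sample, modelled on the HTTP-Redirect request above (shortened).
SAMPLE_XML = (f'<saml2p:AuthnRequest xmlns:saml2p="{SAMLP_NS}" ID="_constructed" Version="2.0" '
              'Destination="https://testi.apro.tunnistus.fi/idp/profile/SAML2/Redirect/SSO"/>')
```

Verify the signature over `signed_octets()` before trusting anything returned by `inflate_request()`, and only then compare Destination and the other attributes against the expected values.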

 


Document history

Version  Changes                       Date/Author
1.0      Document published on eSuomi  23.02.17 / NP
1.2      Document updated              22.11.17 / NP

Identifier: JTO21