SAMI2.0协议
流程如下:
-
用户试图登录 SP 提供的应用。
-
SP 生成 SAML Request,通过浏览器重定向,向 IdP 发送 SAML Request。
-
IdP 解析 SAML Request 并将用户重定向到认证页面。
-
用户在认证页面完成登录。
-
IdP 生成 SAML Response,通过对浏览器重定向,向 SP 的 ACS 地址返回 SAML Response,其中包含 SAML
-
Assertion 用于确定用户身份。
-
SP 对 SAML Response 的内容进行检验。
-
用户成功登录到 SP 提供的应用。
流程图:
1. 平台配置
1.1. SAML2.0协议配置并启用
右上角点击"进入后台",进入后台配置页面。在后台配置左侧导航栏中,点击"单点登录",进入单点登录配置页面。
点击"新增单点登录"按钮,进入SAML2.0认证配置页面,如下图:
配置完成后,点击下方保存按钮,保存配置信息。
1.2. 使用SAML2.0协议单点登录
配置SAML2.0单点登录后,平台首页单点登录组件中,可查到到上一步所配置单点登录。
点击对应单点登录中的logo。系统重定向到应用ASC地址。
2. 应用方配置
2.1. 提供ASC地址。平台会重定向到应用ASC地址。
2.2. 第三方应用生成 SAML Request,通过浏览器重定向,向 平台 发送 SAML Request
接口 Request(GET/POST):http://{ip:port}/authz/saml20/idpinit/{code} 请求实体
返回结果(JSON结构):
示例:
{
"SAMLResponse": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwycDpSZXNwb25zZSBEZXN0aW5hdGlvbj0iaHR0cDovLzE5Mi4xNjguMy4yMjg6ODA4MC9pbmRleF9zc28ucGhwP2FjcyIgSUQ9Ik1YS183ZmUwMDYxZi1iM2YxLTQxZDItOTI0NS02ZDcxZTFmZWE5ZmQiIElzc3VlSW5zdGFudD0iMjAyNC0wNy0wM1QwODo1Njo0My4wMTRaIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vMTI1Ljc1LjE1Mi4xNjc6MTE1OTAvYXBpL2FwaTwvc2FtbDI6SXNzdWVyPjxzYW1sMnA6U3RhdHVzIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIElEPSJNWEtfMTc1MzhiMDYtYmRlNi00MzY0LTg1MmYtYzg5MWJkYTgyOWI2IiBJc3N1ZUluc3RhbnQ9IjIwMjQtMDctMDNUMDg6NTY6NDIuOTg1WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj48c2FtbDI6SXNzdWVyPmh0dHA6Ly8xMjUuNzUuMTUyLjE2NzoxMTU5MC9hcGkvYXBpPC9zYW1sMjpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+PGRzOlJlZmVyZW5jZSBVUkk9IiNNWEtfMTc1MzhiMDYtYmRlNi00MzY0LTg1MmYtYzg5MWJkYTgyOWI2Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj48ZWM6SW5jbHVzaXZlTmFtZXNwYWNlcyBQcmVmaXhMaXN0PSJ4cyIgeG1sbnM6ZWM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3JtPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+NWpWdDVuc2dUem1wTDVZS3NobmRGblJXUlFJPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5NWkpOUnJhOGIxcFJ4aTdQQ0xTRnM2VzZraitjQS9wQXhRMzM1VzZ1VmwxNStoVUM2aGdNaFRIU2gzOGJ0K0E4N0pzNERKOTJLc3lRdXEyc2ozRGZtdHZ6dSs5ZkFoV2dzbjhSazdFN0lQcFVXNmo0QW56R2dNRW1XN3U0TmFzQ0NXLzVaUlZwQVhLc1dMYlBBU1kvcTV0V01aaFJRT3dXa0ZmZG1TLzBOY3ZGZXlKQkJWbnRtK1Nqd1hhWWtSRHB5UXJBRWhCVEhmb3VUQ1NybkNuK1REMFFWdGR2L1YyRGZPSC9SaDRvL0dJY3l1QjErV2VCSnlxTmJSNDJGUERCaHFMdXRGNGx3ZkFvUGdDTUR2RDM0WmU5K0hMSHJVNHIwZmtkenhsSEVhWmZZMU9MTlJMMGtSOUYvSEdqVEZma29vYUZ6cHZGWHNybFlZYkV4bHV6aEE9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJRGpEQ0NBblNnQXdJQkFnSUVYbGNzeGpBTkJna3Foa2lHOXcwQkFRc0ZBRENCaHpFZ01CNEdDU3FHU0liM0RRRUpBUllSYzJocGJXbHVaM2g1UURFMk15NWpiMjB4Q3pBSkJnTlZCQVlUQW1OdU1Rc3dDUVlEVlFRSURBSnphREVMTUFrR0ExVUVCd3dDYzJneER6QU5CZ05WQkFvTUJtMWhlR3RsZVRFUE1BMEdBMVVFQ3d3R2JXRjRhMlY1TVJvd0dBWURWUVFEREJGamJHbGxiblF1YldGNGEyVjVMbTl5WnpBZUZ3MHlNREF5TWpjd01qUXpOVEphRncwME1EQXlNamN3TWpRek5USmFNSUdITVNBd0hnWUpLb1pJaHZjTkFRa0JGaEZ6YUdsdGFXNW5lSGxBTVRZekxtTnZiVEVMTUFrR0ExVUVCaE1DWTI0eEN6QUpCZ05WQkFnTUFuTm9NUXN3Q1FZRFZRUUhEQUp6YURFUE1BMEdBMVVFQ2d3R2JXRjRhMlY1TVE4d0RRWURWUVFMREFadFlYaHJaWGt4R2pBWUJnTlZCQU1NRVdOc2FXVnVkQzV0WVhoclpYa3ViM0puTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFpaVlCZmlBRzhEWU5EWnRDa3B2U2E0ajNhbXFlQXFWQ1JmNE1wN3lBaTk4VzRMT2VtcTFPN2lHRmVBN1R4RHJXdUhpYURtaE10eXA4V1ZJNzdRNCtkUTcrQ21vK1NMRzVkMk5RZG01Wkx0NHNHTnA5SHMwTllCRzd5TkZybVByeXgyR1gvWWx5S1prNUlybHJDUlVVVUJrMmkyZUcwTzdQWVlaV3RyNXNuSkhtZklFaWVLbFh2UnpLaVR2S252Vks0VU5tMVRzQlJOYmhiZ3pyVkMxem5pck1naTF0OTM4YVhCQUtueS9KQ1htSWc0cHZWV0Q2bkVnUzJZTitqT212TWVKOW9DSEYwSTNnRm5TeEpCK25pQ3lBaHFIOWZkNVBTKzhyQUt2Q0pPYU1NbXJmbk1VaUdkM2oySWZUcWdVSWdWYVpLUENERUFWNFNjNVBPOWgrNndJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUF5aldYTmlnUjI5b21kckk1ajhadEUxUkVyWWxxRkdMeURJbG9sM25GUFV0alhlYktsbjduTm1kVkM5R3c1VllPVVNwOE1Ydkhjb0RaRU1OVE1Vc2F4cHdoTFBpdlNLZ3NJdzE1OGY1Vmt1K0V1Z01kcFJnd05XdFpMNm1lOXNNOE9WN0pxY0FKYmJ6cTBHL0ZLcmlhcFRjSWhKblVxWURFVXZST0w3SXRQTFlFb2d6b0lGY3QxclcwRUNoM2gyUkoxRk5uMGszK1RVanpjcm9IbHZvbjlnaUpwN0NqZEFSRU5xT0tFQUJWSXVpeFhaMkdtcVl1Ky9ZMi9NT3NoUU1UY3NsNXU4QkVXMEtJMVc3M21nZUF2NXRzcVg4eVV3bjJobU11T0U3aVFrWFNkVE9SZDRNOXkyeFJNUEZEaHpLVzNOa2FJVVJJTGRtVUkwNGtZdzIyVDwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMjpTdWJqZWN0PjxzYW1sMjpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDpwZXJzaXN0ZW50Ij5hZG1pbmlzdHJhdG9yPC9zYW1sMjpOYW1lSUQ+PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgQWRkcmVzcz0iMTcxLjgzLjEyNC4xNjEsIDE5Mi4xNjguMTAuMTAxIiBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDctMDNUMDk6NDY6NDIuOTg1WiIgUmVjaXBpZW50PSJodHRwOi8vMTkyLjE2OC4zLjIyODo4MDgwL2luZGV4X3Nzby5waHAiLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNC0wNy0wM1QwODo1Njo0Mi45ODVaIiBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDctMDNUMDk6NDY6NDIuOTg1WiI+PHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWwyOkF1ZGllbmNlPnphYmJpeFRlc3Q8L3NhbWwyOkF1ZGllbmNlPjwvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWwyOkNvbmRpdGlvbnM+PHNhbWwyOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAyNC0wNy0wM1QwODo1NjowOC45MTNaIj48c2FtbDI6QXV0aG5Db250ZXh0PjxzYW1sMjpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3Nlczp1bnNwZWNpZmllZDwvc2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sMjpBdXRobkNvbnRleHQ+PC9zYW1sMjpBdXRoblN0YXRlbWVudD48c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sMjpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+MThmOTIzYTctNWE1ZS00MjZkLTk0YWUtYTU1YWQxYTRiMjM5PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIi8+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJtb2JpbGUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4xODcwMjc0MjIyOTwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJlbWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciLz48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9InVzZXJuYW1lIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+YWRtaW5pc3RyYXRvcjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+PC9zYW1sMnA6UmVzcG9uc2U+"
}
2.3. 第三方应用获取到SAML Request,通过校验解析获取用户信息。
Base64解析后(XM结构):
示例:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://192.168.3.228:8080/index_sso.php?acs" ID="MXK_7fe0061f-b3f1-41d2-9245-6d71e1fea9fd" IssueInstant="2024-07-03T08:56:43.014Z" Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://125.75.152.167:11590/api/api
</saml2:Issuer>
<saml2p:Status
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion ID="MXK_17538b06-bde6-4364-852f-c891bda829b6" IssueInstant="2024-07-03T08:56:42.985Z" Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer>http://125.75.152.167:11590/api/api</saml2:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#MXK_17538b06-bde6-4364-852f-c891bda829b6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="xs"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>5jVt5nsgTzmpL5YKshndFnRWRQI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>MZJNRra8b1pRxi7PCLSFs6W6kj+cA/pAxQ335W6uVl15+hUC6hgMhTHSh38bt+A87Js4DJ92KsyQuq2sj3Dfmtvzu+9fAhWgsn8Rk7E7IPpUW6j4AnzGgMEmW7u4NasCCW/5ZRVpAXKsWLbPASY/q5tWMZhRQOwWkFfdmS/0NcvFeyJBBVntm+SjwXaYkRDpyQrAEhBTHfouTCSrnCn+TD0QVtdv/V2DfOH/Rh4o/GIcyuB1+WeBJyqNbR42FPDBhqLutF4lwfAoPgCMDvD34Ze9+HLHrU4r0fkdzxlHEaZfY1OLNRL0kR9F/HGjTFfkooaFzpvFXsrlYYbExluzhA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDjDCCAnSgAwIBAgIEXlcsxjANBgkqhkiG9w0BAQsFADCBhzEgMB4GCSqGSIb3DQEJARYRc2hpbWluZ3h5QDE2My5jb20xCzAJBgNVBAYTAmNuMQswCQYDVQQIDAJzaDELMAkGA1UEBwwCc2gxDzANBgNVBAoMBm1heGtleTEPMA0GA1UECwwGbWF4a2V5MRowGAYDVQQDDBFjbGllbnQubWF4a2V5Lm9yZzAeFw0yMDAyMjcwMjQzNTJaFw00MDAyMjcwMjQzNTJaMIGHMSAwHgYJKoZIhvcNAQkBFhFzaGltaW5neHlAMTYzLmNvbTELMAkGA1UEBhMCY24xCzAJBgNVBAgMAnNoMQswCQYDVQQHDAJzaDEPMA0GA1UECgwGbWF4a2V5MQ8wDQYDVQQLDAZtYXhrZXkxGjAYBgNVBAMMEWNsaWVudC5tYXhrZXkub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiYBfiAG8DYNDZtCkpvSa4j3amqeAqVCRf4Mp7yAi98W4LOemq1O7iGFeA7TxDrWuHiaDmhMtyp8WVI77Q4+dQ7+Cmo+SLG5d2NQdm5ZLt4sGNp9Hs0NYBG7yNFrmPryx2GX/YlyKZk5IrlrCRUUUBk2i2eG0O7PYYZWtr5snJHmfIEieKlXvRzKiTvKnvVK4UNm1TsBRNbhbgzrVC1znirMgi1t938aXBAKny/JCXmIg4pvVWD6nEgS2YN+jOmvMeJ9oCHF0I3gFnSxJB+niCyAhqH9fd5PS+8rAKvCJOaMMmrfnMUiGd3j2IfTqgUIgVaZKPCDEAV4Sc5PO9h+6wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAyjWXNigR29omdrI5j8ZtE1RErYlqFGLyDIlol3nFPUtjXebKln7nNmdVC9Gw5VYOUSp8MXvHcoDZEMNTMUsaxpwhLPivSKgsIw158f5Vku+EugMdpRgwNWtZL6me9sM8OV7JqcAJbbzq0G/FKriapTcIhJnUqYDEUvROL7ItPLYEogzoIFct1rW0ECh3h2RJ1FNn0k3+TUjzcroHlvon9giJp7CjdARENqOKEABVIuixXZ2GmqYu+/Y2/MOshQMTcsl5u8BEW0KI1W73mgeAv5tsqX8yUwn2hmMuOE7iQkXSdTORd4M9y2xRMPFDhzKW3NkaIURILdmUI04kYw22T</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">administrator</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData Address="171.83.124.161, 192.168.10.101" NotOnOrAfter="2024-07-03T09:46:42.985Z" Recipient="http://192.168.3.228:8080/index_sso.php"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2024-07-03T08:56:42.985Z" NotOnOrAfter="2024-07-03T09:46:42.985Z">
<saml2:AudienceRestriction>
<saml2:Audience>zabbixTest</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2024-07-03T08:56:08.913Z">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">18f923a7-5a5e-426d-94ae-a55ad1a4b239
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"/>
</saml2:Attribute>
<saml2:Attribute Name="mobile" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">18702742229
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"/>
</saml2:Attribute>
<saml2:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">administrator
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>