Authentication request message
From GEANT2-JRA1 Wiki
Authentication request
As we can see in the diagram, when a perfSONAR Resource (pSR) receives a message and wants to authenticate the client/user that sent it, it requests authentication from the AuthService (AS). The following steps show how to send the Authentication request message to the AS:
- pSR checks if it has received a Security Token with the message.
This is done by checking whether there is a SOAP Header, <soapenv:Header>, inside the SOAP Envelope, <soapenv:Envelope>, and whether there is a <wsse:Security> element inside the SOAP header. When a client sends a message to a pSR, this is the XML message sent:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
soapenv:actor="ac"
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
.
.
.
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<nmwg:message>
</nmwg:message>
</soapenv:Body>
</soapenv:Envelope>
WARNING: If the security token is NOT sent, pSR MUST reply with the error code error.authn.not_sectoken.
- pSR checks if the received security token is based on an X.509 Certificate or on a SAML assertion.
- Based on an X.509 Certificate: pSR must check if there is any <wsse:BinarySecurityToken> element, having the attribute ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3", inside the <wsse:Security> element.
- Based on a SAML assertion: pSR must check if there is any <Assertion> inside the <wsse:Security> element.
- pSR sends an Authentication request message to the AS, specifying which kind of security token it is sending and copying the <soapenv:Header> element received from the client. So, the SOAP message containing the Authentication request is:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
soapenv:actor="ac"
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
.
.
.
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<nmwg:message id="authNMessage1" type="AuthNEERequest" xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/">
<nmwg:metadata id="authNMetadata">
<nmwg:parameters id="keys">
<nmwg:parameter name="SecurityToken">XXXXXXX</nmwg:parameter>
</nmwg:parameters>
</nmwg:metadata>
<nmwg:data id="authN1" metadataIdRef="authNMetadata"/>
</nmwg:message>
</soapenv:Body>
</soapenv:Envelope>
Where XXXXXXX is:
- http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1, if the security token is based on a SAML assertion.
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3, if the security token is based on an X.509 certificate.
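The three steps above, as an added Python example (not perfSONAR's own code): it looks for the security token, decides between X.509 and SAML, and builds the AuthNEERequest around a copy of the client's header. The function names, the constructed sample messages, and the handling of a <wsse:Security> element that carries no recognised token are assumptions.

```python
import copy
import xml.etree.ElementTree as ET  # untrusted input: prefer a hardened parser in production

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NMWG = "http://ggf.org/ns/nmwg/base/2.0/"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
X509_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-x509-token-profile-1.0#X509v3")
SAML_TYPE = ("http://docs.oasis-open.org/wss/"
             "oasis-wss-saml-token-profile-1.1#SAMLV1.1")
NOT_SECTOKEN = "error.authn.not_sectoken"


def classify_token(envelope):
    """Steps 1 and 2: return (header, token_type); token_type is None if no token."""
    header = envelope.find(f"{{{SOAP}}}Header")
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if security is None:
        return header, None
    # X.509: a BinarySecurityToken whose ValueType is exactly the X509v3 URI.
    for bst in security.findall(f"{{{WSSE}}}BinarySecurityToken"):
        if bst.get("ValueType") == X509_TYPE:
            return header, X509_TYPE
    # SAML: an Assertion that is a direct child of wsse:Security (assumption:
    # assertions nested inside another token are not counted on their own).
    if security.find(f"{{{SAML}}}Assertion") is not None:
        return header, SAML_TYPE
    # Assumption: a wsse:Security with no recognised token counts as "not sent".
    return header, None


def build_authn_request(client_xml):
    """Step 3: return (error_code, None) or (None, request_xml)."""
    header, token_type = classify_token(ET.fromstring(client_xml))
    if token_type is None:
        return NOT_SECTOKEN, None
    env = ET.Element(f"{{{SOAP}}}Envelope")
    # The client's header is copied as received. ElementTree renames prefixes
    # when serialising, which changes the canonical form the XML signature
    # covers, so a real pSR must forward the signed header untouched.
    env.append(copy.deepcopy(header))
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    msg = ET.SubElement(body, f"{{{NMWG}}}message",
                        {"id": "authNMessage1", "type": "AuthNEERequest"})
    meta = ET.SubElement(msg, f"{{{NMWG}}}metadata", {"id": "authNMetadata"})
    params = ET.SubElement(meta, f"{{{NMWG}}}parameters", {"id": "keys"})
    param = ET.SubElement(params, f"{{{NMWG}}}parameter", {"name": "SecurityToken"})
    param.text = token_type
    ET.SubElement(msg, f"{{{NMWG}}}data",
                  {"id": "authN1", "metadataIdRef": "authNMetadata"})
    return None, ET.tostring(env, encoding="unicode")


def client_msg(security_children):
    """Constructed client message; token contents are placeholders."""
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Header>'
            f'<wsse:Security xmlns:wsse="{WSSE}">{security_children}'
            f'</wsse:Security></soapenv:Header><soapenv:Body>'
            f'<nmwg:message xmlns:nmwg="{NMWG}"/></soapenv:Body>'
            f'</soapenv:Envelope>')


X509_MSG = client_msg(f'<wsse:BinarySecurityToken ValueType="{X509_TYPE}">'
                      'PLACEHOLDER</wsse:BinarySecurityToken>')
SAML_MSG = client_msg(f'<Assertion xmlns="{SAML}" AssertionID="_constructed"/>')
NO_TOKEN_MSG = (f'<soapenv:Envelope xmlns:soapenv="{SOAP}">'
                '<soapenv:Body/></soapenv:Envelope>')

if __name__ == "__main__":
    for name, xml in [("x509", X509_MSG), ("saml", SAML_MSG), ("none", NO_TOKEN_MSG)]:
        err, req = build_authn_request(xml)
        print(name, err or req[:60])
```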
Authentication response
- The Authentication response is a simple message containing the event type of the process.
<nmwg:message id="authNMessage1_resp" messageIdRef="authNMessage1" type="AuthNEEResponse" xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/">
<nmwg:metadata id="localhost.localdomain.2c534c44:114b3c44663:-7fcd">
<nmwg:eventType>XXXXXXX</nmwg:eventType>
</nmwg:metadata>
<nmwg:data id="localhost.localdomain.2c534c44:114b3c44663:-7fcc" metadataIdRef="localhost.localdomain.2c534c44:114b3c44663:-7fcd"/>
</nmwg:message>
Where XXXXXXX is one of the following (you can see all the AS result codes at Result_code_hierarchy):
- success.as.authn, if the authentication request has been accepted.
- error.authn.wrong_params, if the authentication request does not have the right parameters.
- error.authn.assertion_not_included, if the authentication request specified a SAML assertion as its security token but the assertion was not included in the request.
- error.authn.assertion_not_valid, if the SAML assertion sent as security token is not valid in the eduGAIN trust model.
- error.authn.x509_not_included, if the authentication request specified an X.509 certificate as its security token but the certificate was not included in the request.
- error.authn.x509_not_valid, if the X.509 certificate sent as security token is not valid in the eduGAIN trust model.
- error.authn.not_sectoken, if the authentication request did not include the security token.
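How a pSR could turn the response above into an accept/deny decision that fails closed, as an added Python example (not perfSONAR's own code). The function names, the constructed sample responses, and the requirement that messageIdRef match the id of the request that was sent are assumptions; the caller is assumed to have already extracted the nmwg:message from the SOAP body.

```python
import xml.etree.ElementTree as ET

NMWG = "http://ggf.org/ns/nmwg/base/2.0/"
SUCCESS = "success.as.authn"


def authn_decision(response_xml, request_id):
    """Return (accepted, event_type); every path except a clean success denies."""
    try:
        msg = ET.fromstring(response_xml)
    except ET.ParseError:
        return False, None
    if msg.tag != f"{{{NMWG}}}message" or msg.get("type") != "AuthNEEResponse":
        return False, None
    # Assumption: the response must point back at the request that was sent.
    if msg.get("messageIdRef") != request_id:
        return False, None
    events = msg.findall(f"{{{NMWG}}}metadata/{{{NMWG}}}eventType")
    if len(events) != 1:
        return False, None          # missing or ambiguous result
    event = (events[0].text or "").strip()
    # Exact match only: error.* codes and unknown codes both deny.
    return event == SUCCESS, event


def as_response(event, ref="authNMessage1"):
    """Constructed AS response in the shape shown above."""
    return (f'<nmwg:message id="{ref}_resp" messageIdRef="{ref}" '
            f'type="AuthNEEResponse" xmlns:nmwg="{NMWG}">'
            f'<nmwg:metadata id="m1"><nmwg:eventType>{event}</nmwg:eventType>'
            f'</nmwg:metadata><nmwg:data id="d1" metadataIdRef="m1"/>'
            f'</nmwg:message>')


if __name__ == "__main__":
    for ev in (SUCCESS, "error.authn.x509_not_valid"):
        print(ev, authn_decision(as_response(ev), "authNMessage1"))
```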
Examples of authN requests
Example of an X.509 certificate
- SOAP Message sent by a client to a pSR
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
soapenv:actor="ac"
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-16010509"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
MIIElDCCA3ygAwIBAgIBQzANBgkqhkiG9w0BAQUFADBBMRMwEQYKCZImiZPyLGQBGRMDbmV0
MRUwEwYKCZImiZPyLGQBGRMFZ2VhbnQxEzARBgNVBAMTCmVkdUdBSU5TQ0EwHhcNMDcwNTI4
MDgxNjE2WhcNMDgwNTI3MDgxNjE2WjBbMRMwEQYKCZImiZPyLGQBGRYDbmV0MRUwEwYKCZIm
iZPyLGQBGRYFZ2VhbnQxEDAOBgNVBAoTB0ZlZElSSVMxGzAZBgNVBAMTEnRlc3QtYXMucmVk
aXJpcy5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQxCW2uup3EDvVgWlpO
luEAZ9g/gfp6iwaypIrgp/
uk3J3LNT4iAfBg4KscZT4KnY97wHzCRoU2Uqgr3Lgm14RXZgbIl1pDf0XZa9uHVx0A+Q+
hnFhNevCbM7Bcw5gBwBEXKRm2aYTlUxrEXYitcyChSqxSqZ/
0BWwSe92lYiQxfdYh8k5NWnXrmqiSW3nQHLWGxMNt2qP/f6ih8I2e+D3R97XuHLk/
XnhethUwNIYRGtoiuinOr1hFRft1SfO1fAJsAdGiO1ERDXRNHHnTGUXRL5jIHXHl3hEfHd7X
TDfpSFB1q3hx0vwL5nLb6n6YpxS5G/
QkLtIZunaeS58rAOMCAwEAAaOCAXswggF3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDHi/
4JITDc5MCORoMV6+
HWVmYjtMB8GA1UdIwQYMBaAFIsPjyeA0pPXRl2RhLsumGKuBPHSMA4GA1UdDwEB/
wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZwGA1UdEQSBlDCBkYY3a
HR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2VlUmVzb2x2ZXI/
ZWU9YTNiMThjMYZWaHR0cDovL2VkdWdhaW4uZ2VhbnQubmV0L3Jlc29sdmVyP3Vybj11cm4l
M0FnZWFudCUzQWVkdWdhaW4lM0Fjb21wb25lbnQlM0FzcCUzQXRlc3QtYXMwQAYDVR0fBDkw
NzA1oDOgMYYvaHR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2NybC9jYWNybC5k
ZXIwFwYDVR0gBBAwDjAMBgorBgEEAbp7AgACMA0GCSqGSIb3DQEBBQUAA4IBAQAMj0taSdXv
60fFVI/djyqB47LqfhUMz1Ja0zKAjrZsS5H8SU+
D3ksOw0b6HR4BO21HFiYIHEB1UffEAgPqHhtcLT/
TJ5kiewKOqaHv5QcfgxFMolAiDUsB6i9bCrWdwJIqPePaDG7KHwcpmHB0vLwJihCpRBgdCqi
wz8i5VXdAmloMiEtnm1SU+1BfoTioi79/ZUhUBGPJb7GL20W3yyT9c4/
5JK5IKrRfXINlutqZgfUGXvyaxNh7Zgl3MpDaw8U5khl5ZSjcyfsBro2qQVMAJCcph1rwKNj
gX8MkTb4GYbUpcnVP7p089kz9OTOLteEzVTIi3VKKiykPWcUYlgwY
</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-11459550" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#STRId-12160993">
<ds:Transforms>
<ds:Transform
Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
LPWm9mc4GbU1/+Zf9qK3Abw9GAQ=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ueCF0yGx7Nsda8a+PXkGi6cPBKcr/0ya+YWdkVezs+Rzwvk/++d0S4tl+oAU7zWBPo5f9PRsS8M9
CtzRh6RqMIMOorseStILW0do32w8YXGknVK76QH5+e1kVQqAGFHyMM5/mEQs/xXW5l0xiDoWPWfM
fTt4hqXv766A2jj3UrxYnKM/1x2qHF7OhydmsIiCasuUyHsQRd010xvpeedZ5kiwnEqQD1/sqDmf
WJ5gjs8aiqiVXoO1IYIm/VRHEoOkUmQp9zBBjtlj/aH2dFhxKrIrl4Fp5dsAbdA9iDNSesp7sDG6
Rgy/joFVJydp6Bolc8WjDf3r6WK+NDynT9F35g==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-12534898">
<wsse:SecurityTokenReference
wsu:Id="STRId-12160993"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference
URI="#CertId-16010509"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<nmwg:message>
.
.
.
</nmwg:message>
</soapenv:Body>
</soapenv:Envelope>
- SOAP Message with the Authentication request sent by a pSR to the AS
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
soapenv:actor="ac"
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-16010509"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
MIIElDCCA3ygAwIBAgIBQzANBgkqhkiG9w0BAQUFADBBMRMwEQYKCZImiZPyLGQBGRMDbmV0
MRUwEwYKCZImiZPyLGQBGRMFZ2VhbnQxEzARBgNVBAMTCmVkdUdBSU5TQ0EwHhcNMDcwNTI4
MDgxNjE2WhcNMDgwNTI3MDgxNjE2WjBbMRMwEQYKCZImiZPyLGQBGRYDbmV0MRUwEwYKCZIm
iZPyLGQBGRYFZ2VhbnQxEDAOBgNVBAoTB0ZlZElSSVMxGzAZBgNVBAMTEnRlc3QtYXMucmVk
aXJpcy5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQxCW2uup3EDvVgWlpO
luEAZ9g/gfp6iwaypIrgp/
uk3J3LNT4iAfBg4KscZT4KnY97wHzCRoU2Uqgr3Lgm14RXZgbIl1pDf0XZa9uHVx0A+Q+
hnFhNevCbM7Bcw5gBwBEXKRm2aYTlUxrEXYitcyChSqxSqZ/
0BWwSe92lYiQxfdYh8k5NWnXrmqiSW3nQHLWGxMNt2qP/f6ih8I2e+D3R97XuHLk/
XnhethUwNIYRGtoiuinOr1hFRft1SfO1fAJsAdGiO1ERDXRNHHnTGUXRL5jIHXHl3hEfHd7X
TDfpSFB1q3hx0vwL5nLb6n6YpxS5G/
QkLtIZunaeS58rAOMCAwEAAaOCAXswggF3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDHi/
4JITDc5MCORoMV6+
HWVmYjtMB8GA1UdIwQYMBaAFIsPjyeA0pPXRl2RhLsumGKuBPHSMA4GA1UdDwEB/
wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZwGA1UdEQSBlDCBkYY3a
HR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2VlUmVzb2x2ZXI/
ZWU9YTNiMThjMYZWaHR0cDovL2VkdWdhaW4uZ2VhbnQubmV0L3Jlc29sdmVyP3Vybj11cm4l
M0FnZWFudCUzQWVkdWdhaW4lM0Fjb21wb25lbnQlM0FzcCUzQXRlc3QtYXMwQAYDVR0fBDkw
NzA1oDOgMYYvaHR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2NybC9jYWNybC5k
ZXIwFwYDVR0gBBAwDjAMBgorBgEEAbp7AgACMA0GCSqGSIb3DQEBBQUAA4IBAQAMj0taSdXv
60fFVI/djyqB47LqfhUMz1Ja0zKAjrZsS5H8SU+
D3ksOw0b6HR4BO21HFiYIHEB1UffEAgPqHhtcLT/
TJ5kiewKOqaHv5QcfgxFMolAiDUsB6i9bCrWdwJIqPePaDG7KHwcpmHB0vLwJihCpRBgdCqi
wz8i5VXdAmloMiEtnm1SU+1BfoTioi79/ZUhUBGPJb7GL20W3yyT9c4/
5JK5IKrRfXINlutqZgfUGXvyaxNh7Zgl3MpDaw8U5khl5ZSjcyfsBro2qQVMAJCcph1rwKNj
gX8MkTb4GYbUpcnVP7p089kz9OTOLteEzVTIi3VKKiykPWcUYlgwY
</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-11459550" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#STRId-12160993">
<ds:Transforms>
<ds:Transform
Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
LPWm9mc4GbU1/+Zf9qK3Abw9GAQ=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ueCF0yGx7Nsda8a+PXkGi6cPBKcr/0ya+YWdkVezs+Rzwvk/++d0S4tl+oAU7zWBPo5f9PRsS8M9
CtzRh6RqMIMOorseStILW0do32w8YXGknVK76QH5+e1kVQqAGFHyMM5/mEQs/xXW5l0xiDoWPWfM
fTt4hqXv766A2jj3UrxYnKM/1x2qHF7OhydmsIiCasuUyHsQRd010xvpeedZ5kiwnEqQD1/sqDmf
WJ5gjs8aiqiVXoO1IYIm/VRHEoOkUmQp9zBBjtlj/aH2dFhxKrIrl4Fp5dsAbdA9iDNSesp7sDG6
Rgy/joFVJydp6Bolc8WjDf3r6WK+NDynT9F35g==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-12534898">
<wsse:SecurityTokenReference
wsu:Id="STRId-12160993"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference
URI="#CertId-16010509"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<nmwg:message id="authNMessage1" type="AuthNEERequest" xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/">
<nmwg:metadata id="authNMetadata">
<nmwg:parameters id="keys">
<nmwg:parameter name="SecurityToken">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</nmwg:parameter>
</nmwg:parameters>
</nmwg:metadata>
<nmwg:data id="authN1" metadataIdRef="authNMetadata"/>
</nmwg:message>
</soapenv:Body>
</soapenv:Envelope>
Example of a SAML assertion
- SOAP Message sent by a client to a pSR
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
soapenv:actor="ac"
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Assertion AssertionID="_e513e929b35f38e47f87e5f42b3dc7e0"
IssueInstant="2007-08-27T15:13:04.013Z"
Issuer="urn:geant:edugain:component:filter:jra3:BoD"
MajorVersion="1" MinorVersion="1"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<Conditions>
<AudienceRestrictionCondition>
<Audience>urn:geant:edugain:component:filter:jra3:BoD</Audience>
</AudienceRestrictionCondition>
</Conditions>
<AuthenticationStatement
AuthenticationInstant="2007-08-27T15:13:04.012Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<Subject>
<SubjectConfirmation>
<ConfirmationMethod>relayed-trust</ConfirmationMethod>
<SubjectConfirmationData>
<Assertion
AssertionID="_64de76b4e2e9167d0e0d8d9d8e8f502b"
IssueInstant="2007-08-27T14:51:46.213Z"
Issuer="urn:geant:edugain:component:be:net:geant:central"
MajorVersion="1" MinorVersion="1">
<Conditions
NotBefore="2007-08-27T14:51:46.008Z" NotOnOrAfter="2007-08-27T14:56:46.008Z"/>
<AuthenticationStatement
AuthenticationInstant="2007-08-27T14:51:46.008Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<Subject>
<NameIdentifier NameQualifier="urn:geant:edugain:component:be:net:geant:central">f30387fcc2c59875b425865184575f23d3021b04</NameIdentifier>
</Subject>
</AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_64de76b4e2e9167d0e0d8d9d8e8f502b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="code ds kind rw saml samlp typens #default xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4WsHk4PakUsN1khXmNgRZeMm5XM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
B1JenJ+0StNltpcFgJ+QDyhpqL34bR0lCdHmNh1fv6gaOySupbIDj0t7K2cWO9lmIFAXmIEILjhw
Pq60cu8qk/EwKg4ullFTHWa2WlxQAsQaoMNSllvYbp92ZnhZ1Si4hMoO/qbuhgXfliK61IoioUfZ
U5vUuJjo6feVke5bEp8=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>
MIIDxzCCAq+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMRMwEQYKCZImiZPyLGQBGRYDbmV0MRUw
EwYKCZImiZPyLGQBGRYFZ2VhbnQxEjAQBgNVBAMTCWVkdUdBSU5DQTAeFw0wNjAzMjkxMTU3MTFa
Fw0wNzAzMjkxMTU3MTFaMEExEzARBgoJkiaJk/IsZAEZEwNuZXQxFTATBgoJkiaJk/IsZAEZEwVn
ZWFudDETMBEGA1UEAxMKZWR1R0FJTlNDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMul25knoEhZ7kYGBRGBNotqfPmYHLGOlBgLDFMz4egfRIiK+5mQRw32FBXI3Ie9H52vZmSHfvV/
9REElo9+cxcysSuJ7PHP2Ow+H8q7oooxNIXI8w+aUF7rqz49HXCUS53B2cnL+aesiO3KV+yJ8y4O
E4NJQBxuVo0czyIadtoX40lBQYYd57+ap+F/8Vwz7nd4YOcTdnM18sIWjuZCXV9qg3J/NyV53Zw1
+cFXJSat+TQxqkiGO5lvc+TY79XU/d5CgQihsFUjboD7gTN2vD4chIAemqxQ/X5QR4JkP/WE2bEZ
FPIZpj+sFRzS3n23UmIgQwGOEwDqrhZNcVpfiNcCAwEAAaOByjCBxzAMBgNVHRMEBTADAQH/MB0G
A1UdDgQWBBT986ZwSS7PGW7gRuD7nS1H5vuwvTAfBgNVHSMEGDAWgBQGTtghG6aiIdEEuth/T18f
5bJH2DALBgNVHQ8EBAMCAcYwEwYDVR0lBAwwCgYIKwYBBQUHAwgwOQYDVR0fBDIwMDAuoCygKoYo
aHR0cDovL3d3dy5pcmlzZ3JpZC5lcy9wa2kvY3JsL2NhY3JsLnBlbTAaBgNVHSAEEzARMA8GDSsG
AQQBunsCAgQBAQEwDQYJKoZIhvcNAQEFBQADggEBAFNEoS8vMb4JCJb0uWe2a7hTELIM4EkmWnR1
6HEpf/Q79nnJzzm9KvooTYSfVVdRnIErH3vGE+ASSlwNT8Zg8eDs8t7B2cdfkGzhJrfV/x+oaQ08
wUirfQYjjaUhIzr0YIzH2Lw9/DEWQ/1DjPCZNt9K0BxcGJ7VJwgkkT/sJWoao25cwmtRF8k7CsaC
1ldUG9REvVrk/vvNonmSdVQgCkj+bpNg2IJvT3rZAFcPpDj2MruA8nqcqn97QMwrWLWvAE6ZrPTR
i3I7gR7Ch0rSRVT3vHzvGIMv5Ay+YF8B+NzzGjJ6JaztPcY6OGwTVGHD3I/RcktRxfCBsywDoefY
laU=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</Assertion>
</SubjectConfirmationData>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_e513e929b35f38e47f87e5f42b3dc7e0">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="code ds kind rw saml samlp typens #default xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>XqKJ3abh2jeQBPK/nAFYLk0UslQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
DSpdXmniDZyMFfhWUiDQh9Wz7WHakgqS245GNpB5R7aXxisTVjApw3nGWWoPq2cpL2XG1MblwAUu
uw6MYdh5SYF5KZTw9ezdEg/pbb16udbqbpTooA8XmZX5jB2HObrNR2Fvu0tx///L0vuaixz2P5+F
WZUeiVNn0/Nu0iSjK37g68DqRECkYC99LLvXVO9ixQBcaIUvaE6Nu2TNK6hmLmyd6rhVqttVgxQP
2bNe1riz+sHoQfgug9nayHNyaZa+O7Zha8W9qh8LOf9Vp5SNu3cg+z5ijkxQBr4OxXL/2Obgx07e
gl569NF0N+FURehgct9Su7gHYu8Wo/lyu7LB1A==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</Assertion>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<nmwg:message>
.
.
.
</nmwg:message>
</soapenv:Body>
</soapenv:Envelope>
- SOAP Message with the Authentication request sent by a pSR to the AS
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
soapenv:actor="ac"
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Assertion AssertionID="_e513e929b35f38e47f87e5f42b3dc7e0"
IssueInstant="2007-08-27T15:13:04.013Z"
Issuer="urn:geant:edugain:component:filter:jra3:BoD"
MajorVersion="1" MinorVersion="1"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<Conditions>
<AudienceRestrictionCondition>
<Audience>urn:geant:edugain:component:filter:jra3:BoD</Audience>
</AudienceRestrictionCondition>
</Conditions>
<AuthenticationStatement
AuthenticationInstant="2007-08-27T15:13:04.012Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<Subject>
<SubjectConfirmation>
<ConfirmationMethod>relayed-trust</ConfirmationMethod>
<SubjectConfirmationData>
<Assertion
AssertionID="_64de76b4e2e9167d0e0d8d9d8e8f502b"
IssueInstant="2007-08-27T14:51:46.213Z"
Issuer="urn:geant:edugain:component:be:net:geant:central"
MajorVersion="1" MinorVersion="1">
<Conditions
NotBefore="2007-08-27T14:51:46.008Z" NotOnOrAfter="2007-08-27T14:56:46.008Z"/>
<AuthenticationStatement
AuthenticationInstant="2007-08-27T14:51:46.008Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<Subject>
<NameIdentifier NameQualifier="urn:geant:edugain:component:be:net:geant:central">f30387fcc2c59875b425865184575f23d3021b04</NameIdentifier>
</Subject>
</AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_64de76b4e2e9167d0e0d8d9d8e8f502b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="code ds kind rw saml samlp typens #default xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4WsHk4PakUsN1khXmNgRZeMm5XM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
B1JenJ+0StNltpcFgJ+QDyhpqL34bR0lCdHmNh1fv6gaOySupbIDj0t7K2cWO9lmIFAXmIEILjhw
Pq60cu8qk/EwKg4ullFTHWa2WlxQAsQaoMNSllvYbp92ZnhZ1Si4hMoO/qbuhgXfliK61IoioUfZ
U5vUuJjo6feVke5bEp8=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</Assertion>
</SubjectConfirmationData>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_e513e929b35f38e47f87e5f42b3dc7e0">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="code ds kind rw saml samlp typens #default xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>XqKJ3abh2jeQBPK/nAFYLk0UslQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
DSpdXmniDZyMFfhWUiDQh9Wz7WHakgqS245GNpB5R7aXxisTVjApw3nGWWoPq2cpL2XG1MblwAUu
uw6MYdh5SYF5KZTw9ezdEg/pbb16udbqbpTooA8XmZX5jB2HObrNR2Fvu0tx///L0vuaixz2P5+F
WZUeiVNn0/Nu0iSjK37g68DqRECkYC99LLvXVO9ixQBcaIUvaE6Nu2TNK6hmLmyd6rhVqttVgxQP
2bNe1riz+sHoQfgug9nayHNyaZa+O7Zha8W9qh8LOf9Vp5SNu3cg+z5ijkxQBr4OxXL/2Obgx07e
gl569NF0N+FURehgct9Su7gHYu8Wo/lyu7LB1A==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</Assertion>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<nmwg:message id="authNMessage1" type="AuthNEERequest" xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/">
<nmwg:metadata id="authNMetadata">
<nmwg:parameters id="keys">
<nmwg:parameter name="SecurityToken">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</nmwg:parameter>
</nmwg:parameters>
</nmwg:metadata>
<nmwg:data id="authN1" metadataIdRef="authNMetadata"/>
</nmwg:message>
</soapenv:Body>
</soapenv:Envelope>

