Web Authentication Service Interface
Request Parameter | Required/ Optional | Description |
---|---|---|
|
|
Version parameter; the value must be |
|
|
Operation name; the value must be |
|
|
Authentication method; prescribes the value anticipated in the |
|
|
User’s authentication information, encoded as required by the authentication method. |
|
|
Flag as to whether or not a ticket is issued for an anonymous user. |
|
|
Prescribes the format to be returned by the WAS. The default is the generation of a samlp:Response Element; if |
The following authentication methods (METHOD) are supported:
- urn:opengeospatial:authNMethod:OWS:1.0:password
-
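Password authentication. The CREDENTIALS parameter must contain the username followed by the password as a comma-separated pair; as the example below shows, each of the two values is Base64-encoded on its own. Base64 is an encoding, not encryption, so the credentials are readable by anyone who can see the request.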
Example:
CREDENTIALS=dGVzdA==,dGVzdA==
- urn:opengeospatial:authNMethod:OWS:1.0:samlresponse
-
Denotes SAML ticket authentication. The CREDENTIALS parameter must contain a valid Base64-encoded samlp:Response or saml:Assertion element, as issued by the WAS. This method can be employed, for example, when renewing tickets (before their validity has expired).
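The parameters described above can be appended to the link http(s)://[HOST]/administration/WAS
as URL parameters, which means that HTTP GET is used. Because the CREDENTIALS value then travels in the query string, which is commonly recorded in server and proxy logs, the https form of the link should be used for anything other than local testing.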
http://localhost:8080/administration/WAS?VERSION=1.1&REQUEST=GetSAMLResponse&METHOD=urn:opengeospatial:authNMethod:OWS:1.0:password&CREDENTIALS=dGVzdA==,dGVzdA==
http://localhost:8080/administration/WAS?VERSION=1.1&REQUEST=GetSAMLResponse&METHOD=urn:opengeospatial:authNMethod:OWS:1.0:password&ANONYMOUS=TRUE&CREDENTIALS=
The result of WAS authentication is a Base64-encoded samlp:Response element. When this ticket has been decoded, it looks like this:
<!-- Decoded ticket: a SAML 1.1 samlp:Response (MajorVersion="1", MinorVersion="1") wrapping one
     Assertion issued by "ct-security". The NameIdentifier values start with "anonymous-", so this
     sample presumably answers a request with ANONYMOUS=TRUE (assumption; the page does not say). -->
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2010-02-12T10:42:35.765Z"
MajorVersion="1" MinorVersion="1" ResponseID="_84902b97cd7c2f66beeed4500dc475a1">
<!-- Outcome of the authentication request; samlp:Success is the only status shown on this page. -->
<Status>
<StatusCode Value="samlp:Success"/>
</Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="_040bf74af75f3d3456aa88bacc19742c" IssueInstant="2010-02-12T10:42:35.765Z"
Issuer="ct-security" MajorVersion="1" MinorVersion="1">
<!-- Validity window of the ticket: NotBefore to NotOnOrAfter spans exactly one hour in this sample.
     A consumer should reject the assertion outside this window, allowing at most a small clock skew. -->
<Conditions NotBefore="2010-02-12T10:42:35.280Z" NotOnOrAfter="2010-02-12T11:42:35.280Z"/>
<!-- Records when and how the subject authenticated. AuthenticationMethod is the SAML 1.0 password
     identifier even though the subject is an anonymous id. The NameIdentifier value below sits on
     its own line, so its text carries surrounding whitespace, unlike the NameIdentifier in the
     AttributeStatement; trim both before comparing them. -->
<AuthenticationStatement AuthenticationInstant="2010-02-12T10:42:35.280Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
anonymous-946d7e7b-c176-4945-b54b-822e34101514
</NameIdentifier>
</Subject>
</AuthenticationStatement>
<!-- Attributes asserted about the subject: gender, group name, user id, group id, mail and role.
     The sdi-suite:policy attribute names suggest these values feed authorization decisions
     (assumption; confirm against the policy configuration). The ticket is only Base64-encoded,
     so every value here, including the mail address, is readable by whoever holds the ticket. -->
<AttributeStatement>
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">anonymous-946d7e7b-c176-4945-b54b-822e34101514</NameIdentifier>
</Subject>
<Attribute AttributeName="gender" AttributeNamespace="urn:ct:names">
<AttributeValue xsi:type="xsd:string">M</AttributeValue>
</Attribute>
<Attribute AttributeName="urn:conterra:names:sdi-suite:policy:attribute:group-name" AttributeNamespace="urn:ct:names">
<AttributeValue xsi:type="xsd:string">Gast</AttributeValue>
</Attribute>
<Attribute AttributeName="urn:conterra:names:sdi-suite:policy:attribute:user-id" AttributeNamespace="urn:ct:names">
<AttributeValue xsi:type="xsd:string">2</AttributeValue>
</Attribute>
<Attribute AttributeName="urn:conterra:names:sdi-suite:policy:attribute:group-id" AttributeNamespace="urn:ct:names">
<AttributeValue xsi:type="xsd:string">2</AttributeValue>
</Attribute>
<Attribute AttributeName="mail" AttributeNamespace="urn:ct:names">
<AttributeValue xsi:type="xsd:string">m.reiprecht@conterra.de</AttributeValue>
</Attribute>
<Attribute AttributeName="urn:conterra:names:sdi-suite:policy:attribute:role" AttributeNamespace="urn:ct:names">
<AttributeValue xsi:type="xsd:string">gast</AttributeValue>
</Attribute>
</AttributeStatement>
<!-- XML signature; its content is elided ("...") in this sample. It is a child of Assertion and the
     outer Response shows no Signature element, so presumably only the Assertion is integrity
     protected. A consumer should verify it against the issuer's trusted key before relying on the
     Conditions or on any attribute value. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
</Assertion>
</Response>