CZ-NIC / django-eidas-specific-node

GNU General Public License v3.0

Add <saml2:SubjectConfirmation> #73

Closed jiri-janousek closed 5 years ago

jiri-janousek commented 5 years ago

It is required by NIA: ID4131: A Saml2SecurityToken cannot be created from the Saml2Assertion because it has no SubjectConfirmation.

Sample

<saml2:Subject>
  <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                NameQualifier="http://C-PEPS.gov.xx">SE/CZ/199008199391</saml2:NameID>
  <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml2:SubjectConfirmationData Address="127.0.0.1"
                                   InResponseTo="idf4e3164e4e1b4d8f8836647f779d63d5"
                                   NotOnOrAfter="2019-10-22T14:30:05.928Z"
                                   Recipient="https://tnia.eidentita.cz/fpsts/processRequest.aspx" />
  </saml2:SubjectConfirmation>
</saml2:Subject>

jiri-janousek commented 5 years ago

Subject confirmation Bearer (URI: urn:oasis:names:tc:SAML:2.0:cm:bearer): The subject of the assertion is the bearer of the assertion, subject to optional constraints on confirmation using the attributes that MAY be present in the <SubjectConfirmationData> element, as defined by [SAMLCore].
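
An added example, not part of the issue thread or the project's code: a receiving-side check of the bearer constraints carried in `<saml2:SubjectConfirmationData>` (Recipient, InResponseTo, NotOnOrAfter), using only the Python standard library. The names `check_bearer` and `parse_instant`, the policy that all three attributes must be present, and the namespaced sample are assumptions of this example; the enclosing assertion's signature is assumed to be verified before this runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample modelled on the snippet in the issue, with the namespace declared.
SAMPLE = """<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:NameID>SE/CZ/199008199391</saml2:NameID>
  <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml2:SubjectConfirmationData InResponseTo="idf4e3164e4e1b4d8f8836647f779d63d5"
        NotOnOrAfter="2019-10-22T14:30:05.928Z"
        Recipient="https://tnia.eidentita.cz/fpsts/processRequest.aspx" />
  </saml2:SubjectConfirmation>
</saml2:Subject>"""


def parse_instant(value):
    """Parse a UTC xs:dateTime ('Z' suffix), with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_bearer(subject_xml, recipient, request_id, now):
    """Return a list of problems; an empty list means one bearer confirmation passed."""
    # Untrusted input should be signature-checked and parsed with a hardened parser first.
    subject = ET.fromstring(subject_xml)
    problems = ["no bearer SubjectConfirmation"]
    for conf in subject.findall("saml2:SubjectConfirmation", NS):
        if conf.get("Method") != BEARER:
            continue
        data = conf.find("saml2:SubjectConfirmationData", NS)
        if data is None:
            problems = ["missing SubjectConfirmationData"]
            continue
        problems = []
        if data.get("Recipient") != recipient:  # must be our own endpoint URL
            problems.append("Recipient mismatch")
        if data.get("InResponseTo") != request_id:  # must be the request we sent
            problems.append("InResponseTo mismatch")
        expiry = data.get("NotOnOrAfter")
        if expiry is None or now >= parse_instant(expiry):
            problems.append("NotOnOrAfter missing or passed")
        if not problems:
            return []
    return problems
```

A Subject with no `<saml2:SubjectConfirmation>` at all, the case behind the ID4131 error quoted in the issue, comes back as `["no bearer SubjectConfirmation"]`.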