Development Guides

SAML 2.0 Trusted (Example)

Trusted

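<!--
	Example SAML 2.0 Response for the "Trusted" flow (authFlow = Trusted).
	Illustrative only: the signature and certificate values are truncated, and
	{firmid}, {partnerid} and {username} are placeholders to substitute.
	xmlns:saml is declared on the root element because the Response-level
	saml:Issuer uses that prefix before the Assertion declares it.
-->
<samlp:Response ID="_f8ea1a33-368c-4728-8dbb-528255180dc3"
		Version="2.0"
		IssueInstant="2020-01-09T14:31:15.122Z"
		Destination="https://auth.orionadvisor.com/sso/samlconsumer"
		xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
		xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
		>
	<saml:Issuer>https://sso.oriondemo.com/fed</saml:Issuer>
	<!--
		Response-level signature. Its Reference URI points at the Response ID above.
		It carries no KeyInfo, so the receiver has to verify it with the identity
		provider certificate it already holds in configuration.
		NOTE(review): rsa-sha1 and sha1 are kept as published. SHA-1 is deprecated
		for signatures; prefer http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and
		http://www.w3.org/2001/04/xmlenc#sha256 if the service provider accepts
		them (confirm before changing).
	-->
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		<SignedInfo>
			<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
			<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
			<Reference URI="#_f8ea1a33-368c-4728-8dbb-528255180dc3">
				<Transforms>
					<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
					<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
						<InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi"
								xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
					</Transform>
				</Transforms>
				<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
				<DigestValue>JaO/bLAoG48QDQNVvlJcHGX7Geo=</DigestValue>
			</Reference>
		</SignedInfo>
		<SignatureValue>03ib15d0nvXyNuXXXX.........DFullSkTQ==</SignatureValue>
	</Signature>
	<samlp:Status>
		<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
	</samlp:Status>
	<saml:Assertion Version="2.0"
			ID="_482a689b-f509-4e9b-b116-9fd84b50efc6"
			IssueInstant="2020-01-09T14:31:15.122Z"
			xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
			>
		<saml:Issuer>https://sso.oriondemo.com/fed</saml:Issuer>
		<!--
			Assertion-level signature. Its Reference URI points at the Assertion ID
			above; a receiver should only read Subject, Conditions and attributes
			from the exact element that a verified Reference covers.
			The X509Certificate in KeyInfo identifies the signing key but is not a
			trust anchor: compare it with the certificate registered out of band
			rather than trusting whatever certificate arrives inside the message.
			The SHA-1 note on the Response signature applies here as well.
		-->
		<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
			<SignedInfo>
				<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
				<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
				<Reference URI="#_482a689b-f509-4e9b-b116-9fd84b50efc6">
					<Transforms>
						<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
						<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
							<InclusiveNamespaces PrefixList="#default saml ds xs xsi"
									xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
									/>
						</Transform>
					</Transforms>
					<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
					<DigestValue>GjMy/IGQtLKhNF1sp3uInkVL0ok=</DigestValue>
				</Reference>
			</SignedInfo>
			<SignatureValue>QMXdI7w9ARl4FrAJcK5acjS8wcElz2/W+A+9YxxxbLONH2Lc8wtJEEpW+u/gMWNxxxxWJ1gyDE2q.........UyeC0eDD7WjH39KA==</SignatureValue>
			<KeyInfo>
				<X509Data>
					<X509Certificate>MIIDFTCCAf2gAwIBAgIQ5MTIzMTIzNT.........xU15PrmzMHa+3xxxxvMvYJujHDepyPJnJmtG7tKzFIbH5YQRgDpMdWjK0CM+R57XAgjyCx+bMc7HSTA==</X509Certificate>
				</X509Data>
			</KeyInfo>
		</Signature>
		<!--
			Subject of the assertion, confirmed as a bearer token.
			NOTE(review): the NameID Format URI below is in the attrname-format
			family; the usual NameID value is
			urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. Kept as
			published; confirm which one the service provider expects.
			NOTE(review): Recipient (and Audience further down) use
			http://api.orionadvisor.local/sso/samlconsumer while Destination on the
			Response is https://auth.orionadvisor.com/sso/samlconsumer. These look
			like values from different environments; in a real message Recipient
			should be the HTTPS consumer URL the Response is delivered to.
			No InResponseTo is present, so replay protection rests on the short
			validity window and on the receiver rejecting an Assertion ID it has
			already accepted.
		-->
		<saml:Subject>
			<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">OCTestClient</saml:NameID>
			<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
				<saml:SubjectConfirmationData NotOnOrAfter="2020-01-09T14:33:15.122Z"
						Recipient="http://api.orionadvisor.local/sso/samlconsumer"
						/>
			</saml:SubjectConfirmation>
		</saml:Subject>
		<!--
			Validity window: two minutes from IssueInstant in this example.
			The receiver should enforce NotBefore / NotOnOrAfter with only a small
			clock-skew allowance and check that Audience names itself.
		-->
		<saml:Conditions NotBefore="2020-01-09T14:31:15.122Z"
				NotOnOrAfter="2020-01-09T14:33:15.122Z"
				>
			<saml:AudienceRestriction>
				<saml:Audience>http://api.orionadvisor.local/sso/samlconsumer</saml:Audience>
			</saml:AudienceRestriction>
		</saml:Conditions>
		<saml:AuthnStatement AuthnInstant="2020-01-09T14:31:15.122Z">
			<saml:AuthnContext>
				<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
			</saml:AuthnContext>
		</saml:AuthnStatement>
		<!--
			Attributes. partnerId and authFlow are required; firmId and username
			are not required. Each attribute is sent at most once. These values
			select the partner and the flow, so they should only ever be read from
			an assertion whose signature has been verified.
		-->
		<saml:AttributeStatement>
			<!-- Required -->
			<saml:Attribute Name="partnerId"
					NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
					FriendlyName="partnerId"
					>
				<saml:AttributeValue>{partnerid}</saml:AttributeValue>
			</saml:Attribute>
			<!-- Required -->
			<saml:Attribute Name="authFlow"
					NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
					FriendlyName="authFlow"
					>
				<saml:AttributeValue>Trusted</saml:AttributeValue>
			</saml:Attribute>
			<!-- Not required -->
			<saml:Attribute Name="firmId"
					NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
					FriendlyName="firmId"
					>
				<saml:AttributeValue>{firmid}</saml:AttributeValue>
			</saml:Attribute>
			<!-- Not required -->
			<saml:Attribute Name="username"
					NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
					FriendlyName="username"
					>
				<saml:AttributeValue>{username}</saml:AttributeValue>
			</saml:Attribute>
		</saml:AttributeStatement>
	</saml:Assertion>
</samlp:Response>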