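Use the SAML below as a template for encrypted SAML v2.0 integrations with Selerix BenSelect, or click here for an unencrypted SAML v1.1 template. Actual XML may differ slightly depending on requirements dictated by the use case. Because you are acting as the identity provider, the flow is identity-provider-initiated: begin the SAML messaging with a SAML response [samlp:Response] and not an authentication request [samlp:AuthnRequest]. The IDs, timestamps, signature, certificate and cipher values shown are sample data; generate a fresh ID and fresh timestamps for every response, and sign with your own key.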
<!-- Sample IdP-initiated SAML 2.0 Response. It carries no InResponseTo attribute, so the receiver
     has no request to correlate it with. Replay protection presumably rests on the one-time
     response/assertion IDs and the short validity window below (confirm with the service provider).
     Destination here is the same URL as SubjectConfirmationData/@Recipient further down. -->
<samlp:Response Destination="https://www.clickenrollonline.com/Enroll/Login.aspx?Path=BES"
IssueInstant="2017-03-31T11:27:29.831Z" ID="dNodnynb0OgXcarGyE2zwie-r6t" Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- NOTE(review): as written, the line break before the closing tag is part of this Issuer's text,
     while the Issuer inside the Assertion has none. Emit the value without surrounding whitespace
     if the receiver compares issuers exactly (confirm). -->
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">BenefitEnrollmentServices
</saml:Issuer>
<!-- Enveloped signature over the whole Response: the Reference URI below equals the Response ID.
     The Assertion has no Signature of its own, so its integrity depends on the receiver consuming
     only the assertion that sits inside the element this Reference resolves to. -->
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<!-- NOTE(review): rsa-sha1 here and sha1 in DigestMethod are deprecated for signatures. Ask
     whether the receiver accepts http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 with digest
     http://www.w3.org/2001/04/xmlenc#sha256 and prefer those if it does. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#dNodnynb0OgXcarGyE2zwie-r6t">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>BNnu5Bpm2hJR7A/7Syv7vaE8CH0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
sWhDy5328hHgZ5eXDTy4sUQ3iy4QQ4ZtotD1wlfuxaV4zySE6jxVb3zcm+ckc+b/fs0Ygv7DgKgfWVW+7OOkik6N//1K0nf8bgq46E2tBlHB9z7kD2hUGA5K71zwF3YFkuONtWAu9IcfKo4wEmO2evQao+n32XxcxCavzo+Rv+LrkPNB64VOX154Cv1uV21i6GDUMIhK0NMnWWV9b7duco8x63NC4mAfNbVWyhCOiMXRMkJ9KD7Qwpx1t66Y9acU/pDsx6ZDQ0trePDwapcFWo8Lxqj+X0j/rabFQPyQO59tS12rKrSP7FnVQYpxJ5rL2LWPg/ev4aLR6u/D1zayUQ==
</ds:SignatureValue>
<!-- KeyInfo repeats the signer's public key as an X.509 certificate and as a raw RSA key value.
     It is a hint only: a verifier should check the signature against the certificate exchanged
     out of band for this integration, never against whatever key the message itself supplies.
     The values below are sample data; substitute your own signing certificate. -->
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIID8jCCAtqgAwIBAgIQItb16lfqqEMvFD2/jbMemjANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRYwFAYDVQQDEw1UaGF3dGUgU1NMIENBMB4XDTEyMDYxMzAwMDAwMFoXDTE0MDkxMjIzNTk1OVowgYoxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5ulsdmFuaWExEzARBgNVBAcUClBpdHRzYnVyZ2gxITAfBgNVBAoUGEVCZW5lZml0cyBTb2x1dGlvbnMsIExMQzESMBAGA1UECxQJRUJlbmVmaXRzMRgwFgYDVQQDFA8qLmViZW5lZml0cy5jb20wggEiA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Lxu5efO8DsWRVbmigboG7wRz3fxFjz2nkOzYr75dTvGca637PioA2uT749vQeqj7DZVuOEUeTGZelINzkFvh/RZQZs2sDvu2TWytIxOpxigPc+HvyfNxvCBf5cZ+o/4Q92yQpCITyZy4pWoqFkqiAwg+QAZmYp7L/v3l6IWJTc3bai2ieMzp59zVT8CT83rFpE8uepSv/1sgMSFHcLyE4Pw9MSki/r1tPNGDJf2QIgnimi5yAHnVawmpITkNYCh2ptoWU83cgrMZavVJecsbgDpNCI6zeYOZhsy8qQVW4f+lG3qaPXPviW3F7Idq84m3YutV/IOl2dnMXJ3HQfAgMBAAGjgaAwgZ0wDAYDVR0TAQH/BAIwADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vc3ZyLW92LWNybC50aGF3dGUuY29tL1RoYXd0ZU9WLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCOszNpv6kOz/Qk4797RxczYt0G8h/EIMtnraTbpep4whhEBo6z1wWP05KxguqSo/70CW5+TK85pzK7RUqPhi6BCKj2RYHpv4PyTqC46rC/FzJ5YK0UF+2mKiRpJVFY93f9M9Mn66SdcklfQYRdVtdJrAHTDx67jyCk2ApHolqVkU/zVV/UDg+wJJBwD36bttlp+c9kdNfLwfBD1oJ/Fm18n2mxZ8rrYdrh0XPsdq9aDmdO6brCZuOvu0duiK86/e8Yxedq325eeplw1Xg9DreissCPuvBrazcJE3zVyNf+Yt4gV8jv/i3MXzUEDs9b1UROtdEjknwsFD5YdmDcD9jO
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
ui8buXnzvA7FkVW5ooG6Bu8Ec938RY89p5Ds2F6++XU7xnGut+z4qANrk++Pb0Hqo+w2VbjhFHkxmXpSDc5Bb4f0WUGbNrA77tk1srSMTqcYoD3Ph78nzcbwgX+XGfqP+EPdskKQiE8mcuKVqKhZKogMIPkAGZmKey/795eiFiU3N22otonjM6efc1U/Agk/N6xaRPLnqUr/9bIDEhR3C8hOD8PTEpIv69bTzRgyX9kCIJ4poucgB51WsJqSE5DWAodqbaFlPN3IKzGWr1SXnLG4A6TQiOs3mDmYbMvKkFVuH/pRt6mj1z74ltxeyHavOJt2LrVfyDpdnZzFydx0Hw==
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<!-- The Assertion has its own ID and IssueInstant and repeats the Issuer. It is covered only by
     the Response signature above. -->
<saml:Assertion Version="2.0" IssueInstant="2017-03-31T11:27:29.862Z" ID="L8VTH7TeLJDSgT66jA7YmkBHxk-"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>BenefitEnrollmentServices</saml:Issuer>
<!-- Subject: NameID identifies the user (format "unspecified"). Bearer confirmation means anyone
     presenting this assertion is accepted as the subject, so Recipient and the expiry are what
     bind it to one endpoint and one short window. In this sample NotOnOrAfter is five minutes
     after the assertion's IssueInstant. -->
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">67987</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2017-03-31T11:32:29.862Z"
Recipient="https://www.clickenrollonline.com/Enroll/Login.aspx?Path=BES" />
</saml:SubjectConfirmation>
</saml:Subject>
<!-- Conditions: a validity window from five minutes before to five minutes after IssueInstant in
     this sample, restricted to the audience "Selerix". Keep the window short and the IdP clock
     synchronised; a wider window widens the replay opportunity for a captured bearer assertion. -->
<saml:Conditions NotOnOrAfter="2017-03-31T11:32:29.862Z" NotBefore="2017-03-31T11:22:29.862Z">
<saml:AudienceRestriction>
<saml:Audience>Selerix</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<!-- AuthnStatement: in this sample SessionIndex reuses the assertion ID, and the authentication
     context class is "unspecified". -->
<saml:AuthnStatement AuthnInstant="2017-03-31T11:27:29.862Z" SessionIndex="L8VTH7TeLJDSgT66jA7YmkBHxk-">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<!-- AttributeStatement: one plaintext attribute (EnrollerID) followed by one EncryptedAttribute.
     NOTE(review): as written, the EnrollerID value's text includes the line break before the
     closing tag. Emit it without surrounding whitespace if the receiver does not trim (confirm). -->
<saml:AttributeStatement
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="EnrollerID">
<saml:AttributeValue xsi:type="xs:string"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">1234567
</saml:AttributeValue>
</saml:Attribute>
<!-- EncryptedAttribute: a whole element encrypted with aes128-cbc under a one-time key, which is
     itself wrapped with RSA PKCS#1 v1.5 (rsa-1_5). The EncryptedKey carries no KeyInfo naming
     the recipient key, so which key pair to use is presumably fixed by prior agreement.
     NOTE(review): CBC mode gives no integrity of its own and rsa-1_5 is a legacy key transport;
     both depend on the receiver verifying the Response signature before it decrypts anything.
     Where the receiver supports them, prefer http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
     for key transport and http://www.w3.org/2009/xmlenc11#aes128-gcm for the data. -->
<saml:EncryptedAttribute>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<xenc:CipherData>
<xenc:CipherValue>
PhGoQPII4D9YKHvnQUgomQrtrjDMw+/Y2IMmm2Ut9NJ0s+hXE7KO+RutT0BWPMIXYyoWzs4I21hk0r/nTP/kb4jNsR5FD6TK6Vr+gaptcUz9iMhk5VH07zrZa9zuu+Q8bZmFhY+vhldEgMgjvrJXg8/WDdPKwECoL27cs6lq/5nUH1FZaG4ZzyI32hcEefALA7eHRmgeINuyFncIudJ/4p2fzOc3GbRXepdXnhoNsHc1O1bvLK2/f4hk+vq04gRwgyzwuxTAPThqtyuRcY4MMG2k6HFUVmyAzFwu3W96O8cKyKx/6r29Aj2xVQFx5wv1erMtuDWwzxnRYL8ZkgZ6ag==
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<!-- The CipherValue below is abridged: the "bytes removed for brevity" line is a documentation
     placeholder, not base64, so this sample ciphertext cannot be decrypted as shown. -->
<xenc:CipherData>
<xenc:CipherValue>
abBJjMsTgAFyn4FNW7XzODMcTbIjN898Aa+CZjUz/cBzAYghJKce/P+vqzjR8N7anGXXXUjKJTLE 5S4L94FC2CjDPuio/4y9Ue/9T1xwlifGlfWPVFM3tJP51kJDFgqN7elErp3px2+hOaBc1jvn/DB8 ZeXT0UUu0qPTqzaO/NmApgtR56473UqGltVAZZuDybsbm//VppO/7S/Rx9S494nslkNwIixY67WX
... 7236 bytes removed for brevity. Block was originally 7784 bytes.
Jg3D5k8It6D5Td4dfuUDlodh20cqt6v1aNNe84q5yLFKi0DPbJidiUMKqez696DLOr95HBULtenD i+2ICPu4WxLfyL2wWxcnMIKlb9ftQTtVJ837sRYTzUNo2YRA7kbJDD7AODGpgWuXECfaEyCM0OnD VAiTxXUl996jhRE2X+IFNC6wFbCrgHa1YdQAHVg3RDc1EFe7kJ9t5HeWws7u3Ayv9hAY3lxQMu6o
bTQS
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml:EncryptedAttribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>