Selerix Developer Tools
SAML v2.0 Template (unencrypted)

Use the SAML below as a template for unencrypted SAML v2.0 integrations with Selerix BenSelect; a separate page shows an example of an encrypted SAML message. The actual XML may differ depending on the requirements of your use case. Because you are acting as the identity provider, the exchange begins with a SAML response [samlp:Response] that you send, not with an authentication request [samlp:AuthnRequest]. The IDs, timestamps, digest, signature and applicant data in the template are sample values; generate or compute them for each message you send.

<!-- Unsolicited (IdP-initiated) SAML 2.0 Response: the start tag carries no InResponseTo
     attribute, so the receiver cannot tie it to a request it issued.
     ID and IssueInstant are sample values; generate a fresh unique ID and the current UTC
     time for every message. ID is an xs:ID, so it must not start with a digit; a GUID that
     begins with 0-9 needs a prefix such as an underscore.
     Destination is the URL the response is delivered to; the Recipient in
     SubjectConfirmationData further down repeats the same value. -->
<samlp:Response ID="dc7625f4-34b5-445b-80a8-fb82736958d5" Version="2.0" IssueInstant="2017-03-29T18:37:04Z"

   Destination="https://benselect.com/Enroll/Login.aspx?path=BES"

   xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

   <!-- Issuer names the sending identity provider. In this listing the Response-level value
        is followed by a line break and spaces before the closing tag, while the
        Assertion-level Issuer has none; emit both without surrounding whitespace so the
        two values compare equal. -->
   <saml:Issuer

      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">BenefitEnrollmentServices

   </saml:Issuer>

   <!-- Enveloped XML signature over the whole Response: the Reference URI below equals the
        Response ID. The Assertion carries no signature of its own, so it is protected only
        as part of the signed Response. -->
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

      <SignedInfo>                        

         <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

         <!-- NOTE(review): rsa-sha1 here and sha1 in DigestMethod below are deprecated for
              new signatures. Confirm with Selerix whether
              http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and
              http://www.w3.org/2001/04/xmlenc#sha256 are accepted, and prefer them if so. -->
         <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />

         <Reference URI="#dc7625f4-34b5-445b-80a8-fb82736958d5">

            <Transforms>

               <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />

               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                  <InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi"

                     xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />

                  </Transform>

               </Transforms>

               <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

               <!-- DigestValue and SignatureValue are sample values. The signing library
                    computes them over the canonicalized message, and they change with any
                    edit to the signed content. -->
               <DigestValue>HRwpFkr0fXsutvKjtccTTMgOfro=</DigestValue>

            </Reference>

         </SignedInfo>

<SignatureValue>Z3guGHKpnQqNDz+Gr5dB1MSiml6kA/XlUoVXGkfr4+Xl1xd5eEdNNciSWEE3cRUA7FhB9Vg96SVT2skskyB4PUSLk3I50rnz8OMhfk+fZ789Iv2Z6dG9vXk40I/xAh9zHAOaEs01rZKJsvk/pkx2UjHI0531rAe17VnZeFg9CLE=</SignatureValue>

         <!-- KeyInfo embeds the signer's X.509 certificate in the message.
              NOTE(review): a receiver should verify against the certificate exchanged out
              of band during setup rather than trust whichever certificate arrives here;
              confirm how BenSelect pins it. -->
         <KeyInfo>

            <X509Data>

<X509Certificate>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</X509Certificate>

            </X509Data>

         </KeyInfo>

      </Signature>

      <!-- Top-level status of the response; this template reports Success. -->
      <samlp:Status>

         <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />

      </samlp:Status>

 

      <!-- The Assertion has its own ID and IssueInstant; like the Response ID, generate
           them per message. -->
      <saml:Assertion Version="2.0" ID="dafcd9b9-a583-4d71-bfba-e5f6d902b45b" IssueInstant="2017-03-29T18:37:04Z"

         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

         <saml:Issuer>BenefitEnrollmentServices</saml:Issuer>

         <!-- NameID 010449 is the same value as the EmployeeID of the first Applicant in the
              Transmittal below.
              Bearer confirmation: whoever presents the assertion is accepted as the subject,
              so it should travel only over TLS and stay short-lived. -->
         <saml:Subject>

            <saml:NameID>010449</saml:NameID>

            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

<saml:SubjectConfirmationData NotOnOrAfter="2017-03-29T19:37:04Z" Recipient="https://benselect.com/Enroll/Login.aspx?path=BES" />

</saml:SubjectConfirmation>

         </saml:Subject>

 

         <!-- Validity window and intended audience. The sample window runs from one hour
              before IssueInstant to one hour after it (17:37:04Z to 19:37:04Z).
              NOTE(review): a window of a few minutes limits replay of a captured response;
              confirm the clock tolerance Selerix requires. -->
         <saml:Conditions NotBefore="2017-03-29T17:37:04Z" NotOnOrAfter="2017-03-29T19:37:04Z">

            <saml:AudienceRestriction>

               <saml:Audience>Selerix</saml:Audience>

            </saml:AudienceRestriction>

         </saml:Conditions>

 

         <!-- AuthnInstant equals IssueInstant in this sample. The class reference
              "unspecified" tells the receiver nothing about how the user authenticated.
              The URI is surrounded by line breaks and spaces in this listing; emit it
              without surrounding whitespace, since a receiver that compares the string
              exactly may not match it. -->
         <saml:AuthnStatement AuthnInstant="2017-03-29T18:37:04Z">

            <saml:AuthnContext>

               <saml:AuthnContextClassRef>

                 urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified

               </saml:AuthnContextClassRef>

            </saml:AuthnContext>

         </saml:AuthnStatement>

 

         <saml:AttributeStatement>

            <!-- Transmittal: a second XML document carried as escaped text inside the
                 attribute value (every angle bracket written as &lt; or &gt;).
                 In this unencrypted template the applicant data, including SSN, birth date,
                 salary, address and e-mail, is readable by anything that handles the message
                 in transit or at rest (presumably the user's browser, plus any logs or
                 proxies that see the body).
                 NOTE(review): use the encrypted variant whenever the payload carries real
                 personal data. -->
            <saml:Attribute Name="Transmittal" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>

&lt;?xml version="1.0" encoding="utf-8"?&gt;

&lt;Transmittal

   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

   xmlns:xsd="http://www.w3.org/2001/XMLSchema"&gt;

&lt;Agents&gt;

  &lt;Agent ID="NWB0NL82" Type="Agency"&gt;

    &lt;FirstName&gt;Iona&lt;/FirstName&gt;

    &lt;LastName&gt;Ford&lt;/LastName&gt;

    &lt;Number&gt;NWZ0NZ88&lt;/Number&gt;

    &lt;Split&gt;0&lt;/Split&gt;

    &lt;EnrollerType&gt;CallCenter&lt;/EnrollerType&gt;

  &lt;/Agent&gt;

&lt;/Agents&gt;

 

&lt;Applicants&gt;

  &lt;Applicant ID="010449" EmployeeID="010449"&gt;

    &lt;Address&gt;

      &lt;Line1&gt;8135 Brighton Early&lt;/Line1&gt;

      &lt;City&gt;McKinney&lt;/City&gt;

      &lt;State&gt;TX&lt;/State&gt;

      &lt;Zip&gt;75075&lt;/Zip&gt;

    &lt;/Address&gt;

    &lt;PhoneHome&gt;1231231234&lt;/PhoneHome&gt;

    &lt;Email&gt;aphelia@slavamail.com&lt;/Email&gt;

    &lt;SSN&gt;123-12-1234&lt;/SSN&gt;

    &lt;FirstName&gt;Aphelia&lt;/FirstName&gt;

    &lt;LastName&gt;Payne&lt;/LastName&gt;

    &lt;Sex&gt;Female&lt;/Sex&gt;

    &lt;Employment&gt;

      &lt;HireDate&gt;2017-01-10T00:00:00&lt;/HireDate&gt;

      &lt;EligibilityDate&gt;2017-04-01T00:00:00&lt;/EligibilityDate&gt;

      &lt;Title&gt;Tuba Player&lt;/Title&gt;

      &lt;Department&gt;Symphonics&lt;/Department&gt;

      &lt;Location&gt;Uptown Center&lt;/Location&gt;

      &lt;PayGroup&gt;Biweekly&lt;/PayGroup&gt;

      &lt;Salary&gt;76543.00&lt;/Salary&gt;

      &lt;HoursPerWeek&gt;40&lt;/HoursPerWeek&gt;

    &lt;/Employment&gt;

    &lt;LegalStatus&gt;Employee&lt;/LegalStatus&gt;

    &lt;Relationship&gt;Employee&lt;/Relationship&gt;

    &lt;BirthDate&gt;1982-03-30T00:00:00&lt;/BirthDate&gt;

    &lt;UserID&gt;487662-89&lt;/UserID&gt;

  &lt;/Applicant&gt;

 

  &lt;Applicant ID="780dcc7a-f6c2-4017-8109-317b48a4b3dd"

    UniqueID="780dcc7a-f6c2-4017-8109-317b48a4b3dd" EmployeeID="010449"&gt;

    &lt;SSN&gt;321-32-3210&lt;/SSN&gt;

    &lt;FirstName&gt;Moe&lt;/FirstName&gt;

    &lt;MiddleInitial&gt;R&lt;/MiddleInitial&gt;

    &lt;LastName&gt;Payne&lt;/LastName&gt;

    &lt;Sex&gt;Male&lt;/Sex&gt;

    &lt;LegalStatus&gt;Spouse&lt;/LegalStatus&gt;

    &lt;Relationship&gt;Spouse&lt;/Relationship&gt;

    &lt;BirthDate&gt;1977-02-01T00:00:00&lt;/BirthDate&gt;

  &lt;/Applicant&gt;

 

  &lt;Applicant ID="7dda9e16-0b78-42e4-b26b-d867869fcce0"

    UniqueID="7dda9e16-0b78-42e4-b26b-d867869fcce0" EmployeeID="010449"&gt;

    &lt;FirstName&gt;Harley&lt;/FirstName&gt;

    &lt;MiddleInitial&gt;A&lt;/MiddleInitial&gt;

    &lt;LastName&gt;Payne&lt;/LastName&gt;

    &lt;Sex&gt;Male&lt;/Sex&gt;

    &lt;LegalStatus&gt;Child&lt;/LegalStatus&gt;

    &lt;Relationship&gt;Child&lt;/Relationship&gt;

    &lt;BirthDate&gt;2012-05-28T00:00:00&lt;/BirthDate&gt;

  &lt;/Applicant&gt;

&lt;/Applicants&gt;

&lt;/Transmittal&gt;

               </saml:AttributeValue>

            </saml:Attribute>

 

            <!-- GroupNumber holds a placeholder to replace with your own group identifier.
                 EnrollerID repeats the Agent ID used in the Transmittal (NWB0NL82). -->
            <saml:Attribute Name="GroupNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>YourGroupIdentifier</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="EnrollerID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>NWB0NL82</saml:AttributeValue>

            </saml:Attribute>

            <!-- SAMLReturnUrl is a placeholder; presumably the address the user is sent back
                 to after the session. TODO confirm against the walkthrough. -->
            <saml:Attribute Name="SAMLReturnUrl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>https://www.YourReturnURL.com/SSOResponse.aspx?vendor=Selerix</saml:AttributeValue>

            </saml:Attribute>

 

            <!-- NOTE(review): the sample KeepAliveURL uses http://, so requests to it and the
                 SSOID query value would travel in cleartext; supply an https:// endpoint.
                 The unit of KeepAliveTimeout is not stated on this page; confirm it before
                 choosing a value. -->
            <saml:Attribute Name="KeepAliveURL" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>http://YourKeepAliveURL.com/KeepAlive.aspx?SSOID=2112</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="KeepAliveTimeout" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>3000</saml:AttributeValue>

            </saml:Attribute>

 

            <!-- The remaining attributes are yes/no switches plus FirstPlan (a plan code).
                 Presumably they select which BenSelect screens and page furniture the user
                 sees; verify each against the walkthrough. -->
            <saml:Attribute Name="Welcome" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>yes</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="PersonalInfo" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>no</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="BenefitSnapshot" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>no</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="Review" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>yes</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="FirstPlan" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>TMK_UL</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="Enroller" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>no</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="TopMenu" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>no</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="Sidebar" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>no</saml:AttributeValue>

            </saml:Attribute>

            <saml:Attribute Name="HeaderAndFooter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

               <saml:AttributeValue>no</saml:AttributeValue>

            </saml:Attribute>

 

         </saml:AttributeStatement>

      </saml:Assertion>

   </samlp:Response>

 

 

See Also