
SAML request and response in JAVA

First let me tell you what my situation is.
I have 3 service providers and 1 identity provider (i.e. I am the service provider as well as the identity provider). I want to implement SSO using SAML.
I am writing the SAML request in the following way:

 <samlp:AuthnRequest
     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     ID="identifier_1"
     Version="2.0"
     IssueInstant="2004-12-05T09:21:59Z"
     AssertionConsumerServiceIndex="0">
   <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
   <samlp:NameIDPolicy
       AllowCreate="true"
       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
 </samlp:AuthnRequest>


I am able to send the request properly. I don't understand how the response should be. There are many attributes in the response code like Digest, Certificate, etc. What are they?

Is there any rule that I should follow only the SAML protocol? Can I create my own protocol, since I am the service as well as the identity provider?

Below is an extract from the SAML V2.0 Technical Overview. The document is really worth a look. Following it, you have to define your business use case, choose a profile for this use case, and implement a protocol complying with this profile. If a profile doesn't exist, you can define your own protocol. The request and response attributes will depend on the profile.

SAML consists of building-block components that, when put together, allow a number of use cases to be supported. The components primarily permit transfer of identity, authentication, attribute, and authorization information between autonomous organizations that have an established trust relationship.

The core SAML specification defines the structure and content of both assertions and protocol messages used to transfer this information.

SAML assertions carry statements about a principal that an asserting party claims to be true. The valid structure and contents of an assertion are defined by the SAML assertion XML schema. Assertions are usually created by an asserting party based on a request of some sort from a relying party, although under certain circumstances, the assertions can be delivered to a relying party in an unsolicited manner. SAML protocol messages are used to make the SAML-defined requests and return appropriate responses. The structure and contents of these messages are defined by the SAML-defined protocol XML schema.

The means by which lower-level communication or messaging protocols (such as HTTP or SOAP) are used to transport SAML protocol messages between participants is defined by the SAML bindings.

Next, SAML profiles are defined to satisfy a particular business use case, for example the Web Browser SSO profile. Profiles typically define constraints on the contents of SAML assertions, protocols, and bindings in order to solve the business use case in an interoperable fashion. There are also Attribute Profiles, which do not refer to any protocol messages and bindings, that define how to exchange attribute information using assertions in ways that align with a number of common usage environments (e.g. X.500/LDAP directories, DCE).
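The response side that the question asks about, as an added example that is not part of the original question or answer: the Digest, Certificate and similar items are not SAML attributes at all but elements of the XML Signature (ds:Signature) that the identity provider envelopes in the Assertion (or Response) under the Web Browser SSO profile. The sketch below uses only the JDK's javax.xml.crypto.dsig API (no OpenSAML): the IdP signs a constructed Response that answers the AuthnRequest from the question (InResponseTo="identifier_1"), and the SP verifies it. The hostnames, element IDs, timestamps and the RSA key pair are made up; a real IdP would embed its X509Certificate in KeyInfo rather than a bare KeyValue, and the SP would pin that certificate from the IdP's metadata.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SamlAssertionSignatureDemo {
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Constructed sample Response answering the AuthnRequest from the question
    // (InResponseTo="identifier_1"). Hosts, IDs and timestamps are made up.
    static final String RESPONSE = "<samlp:Response xmlns:samlp=\"" + SAMLP + "\" xmlns:saml=\"" + SAML + "\""
        + " ID=\"_resp1\" Version=\"2.0\" IssueInstant=\"2004-12-05T09:22:05Z\" InResponseTo=\"identifier_1\""
        + " Destination=\"https://sp.example.com/SAML2/SSO/POST\">"
        + "<saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>"
        + "<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status>"
        + "<saml:Assertion ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2004-12-05T09:22:05Z\">"
        + "<saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>"
        + "<saml:Subject><saml:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">"
        + "_t9f3</saml:NameID></saml:Subject>"
        + "<saml:Conditions NotBefore=\"2004-12-05T09:17:05Z\" NotOnOrAfter=\"2004-12-05T09:27:05Z\">"
        + "<saml:AudienceRestriction><saml:Audience>https://sp.example.com/SAML2</saml:Audience>"
        + "</saml:AudienceRestriction></saml:Conditions>"
        + "<saml:AuthnStatement AuthnInstant=\"2004-12-05T09:22:00Z\"><saml:AuthnContext><saml:AuthnContextClassRef>"
        + "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>"
        + "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>";

    // Namespace-aware parser with DTDs refused: SAML is namespaced XML, and an SP must never
    // resolve external entities in an attacker-supplied response (XXE).
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // IdP side: envelope a ds:Signature inside the Assertion. This step produces the items the
    // question asks about: DigestValue (SHA-256 of the canonicalised Assertion), SignatureValue
    // (RSA-SHA256 over SignedInfo) and KeyInfo (the IdP's public key or certificate).
    static void idpSign(Element assertion, KeyPair idpKey) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        assertion.setIdAttribute("ID", true);  // lets the Reference URI "#_a1" resolve to this element
        Reference ref = fac.newReference("#" + assertion.getAttribute("ID"),
            fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        // A real IdP embeds its X509Certificate here (kif.newX509Data(...)); a bare KeyValue keeps
        // this demo free of certificate-generation code. The SP must not trust either blindly.
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(idpKey.getPublic())));
        // Schema order inside Assertion is Issuer, Signature, Subject, ... so insert after Issuer.
        Node issuer = assertion.getElementsByTagNameNS(SAML, "Issuer").item(0);
        DOMSignContext dsc = new DOMSignContext(idpKey.getPrivate(), assertion, issuer.getNextSibling());
        fac.newXMLSignature(si, ki).sign(dsc);
    }

    // SP side: verify with the IdP key pinned from its metadata (never the key carried in the message),
    // and bind the signature to the exact Assertion we are about to consume (signature-wrapping guard).
    static boolean spVerify(Document response, PublicKey pinnedIdpKey, String expectedRequestId) throws Exception {
        if (!expectedRequestId.equals(response.getDocumentElement().getAttribute("InResponseTo"))) return false;
        NodeList assertions = response.getElementsByTagNameNS(SAML, "Assertion");
        if (assertions.getLength() != 1) return false;
        Element assertion = (Element) assertions.item(0);
        NodeList sigs = assertion.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1 || !assertion.isSameNode(sigs.item(0).getParentNode())) return false;
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        DOMValidateContext ctx = new DOMValidateContext(pinnedIdpKey, sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        ctx.setIdAttributeNS(assertion, null, "ID");
        XMLSignature sig = fac.unmarshalXMLSignature(ctx);
        List<?> refs = sig.getSignedInfo().getReferences();
        if (refs.size() != 1
            || !("#" + assertion.getAttribute("ID")).equals(((Reference) refs.get(0)).getURI())) return false;
        return sig.validate(ctx);  // checks every DigestValue, then SignatureValue over SignedInfo
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair idpKey = kpg.generateKeyPair();  // stands in for the IdP's signing key

        Document doc = parse(RESPONSE);
        idpSign((Element) doc.getElementsByTagNameNS(SAML, "Assertion").item(0), idpKey);
        System.out.println("signed response verifies:   " + spVerify(doc, idpKey.getPublic(), "identifier_1"));

        // Any change to signed content breaks the digest: swap the NameID after signing.
        doc.getElementsByTagNameNS(SAML, "NameID").item(0).setTextContent("_someone_else");
        System.out.println("tampered response verifies: " + spVerify(doc, idpKey.getPublic(), "identifier_1"));
    }
}
```

Two design points matter more than the API calls. First, the SP validates against a key it already trusts and ignores whatever KeyInfo carries; a verifier that picks the key out of the message proves only that the message is self-consistent. Second, it checks that the single Signature sits directly under the single Assertion and that its Reference points at that Assertion's ID, so an attacker cannot wrap a validly signed assertion next to an unsigned one the SP then reads. What this example leaves to the caller is the rest of the Web Browser SSO checks: Issuer, Destination, Audience, NotBefore/NotOnOrAfter with a small clock skew, and a replay cache on the Assertion ID. For production, a maintained library such as OpenSAML or Spring Security's SAML support does all of this; the value of the plain-JDK version is seeing what the Digest, SignatureValue and certificate elements are and what the SP is actually verifying.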
