SAML Response Data

Your enterprise sends the following SAML assertion attributes in the SAML Response to give sFOX additional information about the user:

Response Data

AccountRole

Either “advisor” or “client”, depending on whether the account registering with sFOX is an advisor or a client in your system.

advisor

FirstName

The given name of the user

Jane

LastName

The family/surname of the user

Doe

EmailAddress

The primary email address for the user

CountryCode

An ISO 3166-1 alpha-2 country code for the user's nationality (the user’s citizenship).

United States: US; Denmark: DK; Kazakhstan: KZ

PhoneNumber

The primary phone number, including the international dial code.

US: +14156273333

DK: +4529299276

DOB

The date of birth of the user. This should be formatted as 'YYYY-MM-DD'

1991-01-28

UserId

If the NameId used is not unique or is a mutable value, please specify this attribute as something that is a unique, immutable value that references the user

156c5beb-7c9f-4f68-83c0-9479703ac490

AdvisorUserId

This should be the NameId or the UserId of the associated advisor, if applicable. Again, this needs to be a value that is unique and immutable.

This value should only be provided for clients

10109707-ea04-4ff5-8a5d-5df07048202f

Example SAML Request & Response XML

SAML Response XML

<samlp:Response ID="_efe92f78-b183-4866-91de-dfbd0ac56308" Version="2.0" 
IssueInstant="2009-05-29T19:58:46Z" 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
       http://sample.example.net/web/
   </saml:Issuer>
   <samlp:Status>
       <samlp:StatusCode 
Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </samlp:Status>
   <saml:Assertion Version="2.0" ID="_142e1800-6f93-4cea-b9d1-ce1b34d0d61c" IssueInstant="2009-05-29T19:58:46Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
       <saml:Subject>
           <saml:NameID 
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">10109707-ea04-4ff5-8a5d-5df07048202f</saml:NameID>
       </saml:Subject>
       <saml:AuthnStatement AuthnInstant="2009-05-29T19:58:46Z" />
       <saml:AttributeStatement>
           <saml:Attribute Name="AccountRole" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>client</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>George</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="LastName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>Melika</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="EmailAddress" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>[email protected]</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="CountryCode" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>DK</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="PhoneNumber" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>+4529299276</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="DOB" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>1991-01-28</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="UserId" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>10109707-ea04-4ff5-8a5d-5df07048202f</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
       <saml:AttributeStatement>
           <saml:Attribute Name="AdvisorUserId" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
               <saml:AttributeValue>156c5beb-7c9f-4f68-83c0-9479703ac490</saml:AttributeValue>
           </saml:Attribute>
       </saml:AttributeStatement>
   </saml:Assertion>
</samlp:Response>
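
A pre-flight check an identity provider team could run on these attributes before sending them, as an added example that is not sFOX's code; the function names, the E.164-style phone pattern and the uppercase-only country code are assumptions. It checks value formats only and does not verify the response signature.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Value shapes taken from the attribute table. The phone pattern (E.164-style)
# and the uppercase-only country code are assumptions of this example.
FORMATS = {
    "AccountRole": r"advisor|client",
    "CountryCode": r"[A-Z]{2}",  # shape only, not ISO 3166-1 membership
    "PhoneNumber": r"\+[1-9]\d{6,14}",
    "DOB": r"\d{4}-\d{2}-\d{2}",
}

# Constructed sample with three deliberate mistakes.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="AccountRole"><saml:AttributeValue>advisor</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="CountryCode"><saml:AttributeValue>Denmark</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="PhoneNumber"><saml:AttributeValue>+4529299276</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="DOB"><saml:AttributeValue>1991-02-30</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="AdvisorUserId"><saml:AttributeValue>156c5beb-7c9f-4f68-83c0-9479703ac490</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def read_attributes(xml_text):
    """Map each Attribute Name to the list of values found for it."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_attributes(attrs):
    """Return a list of problems; an empty list means the values fit the table."""
    problems = []
    for name, values in attrs.items():
        if len(values) != 1:  # repeated or empty attributes are ambiguous
            problems.append(f"{name}: expected exactly one value, found {len(values)}")
        elif name in FORMATS and not re.fullmatch(FORMATS[name], values[0]):
            problems.append(f"{name}: bad format {values[0]!r}")
        elif name == "DOB":
            try:
                date.fromisoformat(values[0])  # rejects dates such as 1991-02-30
            except ValueError:
                problems.append(f"DOB: not a real date {values[0]!r}")
    if "AdvisorUserId" in attrs and attrs.get("AccountRole") != ["client"]:
        problems.append("AdvisorUserId: only provide this for clients")
    return problems
```

Calling `check_attributes(read_attributes(SAMPLE))` reports the country name used in place of a code, the impossible date, and the `AdvisorUserId` sent for an advisor account.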

SAML LogoutRequest

<saml:LogoutRequest ID="_cfcfca5d-6be1-48fc-8975-9f833491fee1" 
Version="2.0" IssueInstant="2009-06-03T15:01:36Z" 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:protocol">
   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
       https://<enterprise>.sfox.com
   </saml:Issuer>
   <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
       10109707-ea04-4ff5-8a5d-5df07048202f
   </saml:NameID>
</saml:LogoutRequest>

SAML LogoutResponse XML

<samlp:LogoutResponse ID="_28f3e353-5383-4841-817e-3c528ac58774" 
Version="2.0" IssueInstant="2009-06-03T15:18:38Z" 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
       http://sample.example.net/web/
   </saml:Issuer>
</samlp:LogoutResponse>
