SAML Detailed Analysis - RUB-NDS/FutureTrust GitHub Wiki
This section contains an additional analysis of SAML messages and provides the information about the signed and encrypted elements in these messages. It explicitly handles the SAML protocol in version 1.0 and 2.0.
The results of our analysis for the SAML protocol are summarized in Table 1. The detailed description for each country is given in the following sections.
| Country | Metadata | Bindings | Features |
|---|---|---|---|
| Austria | HTTP POST, Redirect and Artifact | ||
| Belgium | |||
| Bulgaria | |||
| Croatia | |||
| Cyprus | |||
| Czech-Republic | |||
| Denmark | see eIDAS | see eIDAS | see eIDAS |
| Estonia | |||
| Finland | see eIDAS | see eIDAS | see eIDAS |
| France | |||
| Georgia | see eIDAS | see eIDAS | see eIDAS |
| Germany | HTTP Redirect | ||
| Greece | |||
| Hungary | |||
| Iceland | |||
| Ireland | |||
| Italy | |||
| Latvia | |||
| Lithuania | |||
| Luxembourg | |||
| Malta | |||
| Netherlands | |||
| Norway | HTTP POST, Redirect, Artifact (with SOAP) | ||
| Poland | |||
| Portugal | HTTP POST with SAML Web Browser SSO Profile | ||
| Romania | |||
| Slovakia | |||
| Slovenia | |||
| Spain | |||
| Sweden | |||
| Turkey | |||
| United-Kingdom | HTTP POST, Metadata Structures, Metadata Interoperation | ||
| eIDAS | Must be signed | HTTP POST, HTTP Redirect |
Table 1: Properties of the SAML protocol in eID specifications
Table 2 analyzes which elements of the SAML Request/Response are encrypted or signed.
| Country | SAML Request: Signed Elements | SAML Request: Encrypted Elements | SAML Response: Signed Elements | SAML Response: Encrypted Elements |
|---|---|---|---|---|
| Austria | Signed request | No | Signed response | Optional encrypted Assertion |
| Belgium | ||||
| Bulgaria | ||||
| Croatia | ||||
| Cyprus | ||||
| Czech Republic | ||||
| Denmark | see eIDAS | see eIDAS | see eIDAS | see eIDAS |
| Estonia | ||||
| Finland | see eIDAS | see eIDAS | Response and Assertion(s) | see eIDAS |
| France | ||||
| Georgia | see eIDAS | see eIDAS | see eIDAS | see eIDAS |
| Germany | AuthnRequestExtension | Assertion | ||
| Greece | ||||
| Hungary | ||||
| Iceland | ||||
| Ireland | ||||
| Italy | ||||
| Latvia | ||||
| Lithuania | ||||
| Luxembourg | ||||
| Malta | ||||
| Netherlands | ||||
| Norway | AuthnRequest | --- | Assertion | Assertion |
| Poland | ||||
| Portugal | AuthnRequest | --- | Response | --- |
| Romania | ||||
| Slovakia | ||||
| Slovenia | ||||
| Spain | ||||
| Sweden | ||||
| Turkey | ||||
| United Kingdom | AuthnRequest | Response and Assertion(s) | Assertion(s) | |
| eIDAS | AuthnRequest | --- | Response | Assertion |
Table 2: Properties of the SAML messages
