SAML Request Body

The SAML Request Body must consists of the following:

  • The SAML request must have Microsoft SharePoint Online as the intended audience.

  • The username in the request must be replaced by the $username$ place holder.

  • The password in the request must be replaced by the $password$ place holder.

The following is an example of an SAML Request Body:

Authorization Endpoint: https://<YOUR_DOMAIN>/adfs/services/trust/2005/usernamemixed

Copy 
<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope' 
xmlns:a='http://www.w3.org/2005/08/addressing'
xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
  <s:Header><a:Action s:mustUnderstand='1'>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>
        <a:To s:mustUnderstand='1'>https://<YOUR_DOMAIN>/adfs/services/trust/2005/usernamemixed</a:To>
          <o:Security s:mustUnderstand='1' 
          xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
            <o:UsernameToken u:Id='uuid-<user’s object id>'>
        <o:Username>$username$</o:Username>
        <o:Password>$password$</o:Password></o:UsernameToken>
    </o:Security>
    </s:Header>
    <s:Body>
            <trust:RequestSecurityToken xmlns:trust='http://schemas.xmlsoap.org/ws/2005/02/trust'>
            <wsp:AppliesTo xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
            <a:EndpointReference>
            <a:Address>urn:federation:MicrosoftOnline</a:Address>
            </a:EndpointReference>
            </wsp:AppliesTo>
            <trust:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</trust:KeyType>
            <trust:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</trust:RequestType>
            </trust:RequestSecurityToken>
  </s:Body>
</s:Envelope>