Use markdown attribute inside HTML

vrajmohan · vrajmohan · commit a70322c51267 · 2024-09-20T08:19:07.000-07:00
diff --git a/_pages/saml/authentication.md b/_pages/saml/authentication.md
@@ -51,64 +51,61 @@ A proofed identity request at AAL2, with phishing resistent MFA, for email, phon
 </samlp:AuthnRequest>
 ```
 {% endcapture %}
-{% capture response_elements %}
-The decrypted SAML Response contains a `<saml:Assertion>` element, which in turn contains elements like `<saml:Subject>`, `<saml:AttributeStatement>` and `<saml:AuthnStatement>`.
-{% endcapture %}
 {% capture decrypted_response %}
 ```xml
-  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_d7d0f3fd-e65d-42ee-89f3-ac7d75a56a21" IssueInstant="2024-08-16T19:34:39Z" Version="2.0">
-    <Issuer>http://localhost:3000/api/saml</Issuer>
-    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-      <ds:SignedInfo>
-        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
-        <ds:Reference URI="#_d7d0f3fd-e65d-42ee-89f3-ac7d75a56a21">
-          <ds:Transforms>
-            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-          </ds:Transforms>
-          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-          <ds:DigestValue>Q/FduVpL2MXEufa9fEZ7yelUEu39/NnTIpbvX2o38B8=</ds:DigestValue>
-        </ds:Reference>
-      </ds:SignedInfo>
-      <ds:SignatureValue>aFzI+Sd2HRHxr9PVehZ0BuP9kZ/7/m0I5CwnmDtG+tv6Dw0egvZVI9PNrna53ClpG+LLKd6UOSkju+XVhGuNQg0zXb8qmCEUA6UIKBY604ci7TRgx4t5QoXTkg2go/AL9AiYCsjD/T5OECWtzpTEAgx+cJuUMN4n6kjhtNMPvrQo367ZRYYUuVPiCK6qJBgQQoUVbhsbXZy+AF7eN4JnP1dcyFE+nwUQqjMbUoXSBY+s3WLshI5B7YUMAYdyXVdB38R0s9LpXUzYWzt1RjmL98zdCiXvFj4uD1uecgDdu0FNZYr5O5cIzVBoxDHZsU7q+njIoldXfT5FRANwWKCp7w==</ds:SignatureValue>
-      <ds:KeyInfo>
-        <ds:X509Data>
-          <ds:X509Certificate>MIID+TCCAuGgAwIBAgIUUS6s9Rb+KY0fT0qKKgqPPJij/HMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMR0wGwYDVQQIDBREaXN0cmljdCBvZiBDb2x1bWJpYTETMBEGA1UEBwwKV2FzaGluZ3RvbjEMMAoGA1UECgwDR1NBMRIwEAYDVQQLDAlMb2dpbi5nb3YxJjAkBgNVBAMMHWxvZ2luLmdvdi5pZGVudGl0eXNhbmRib3guZ292MB4XDTI0MDEyMjIwMTcwN1oXDTI1MDQwMTIwMTcwN1owgYsxCzAJBgNVBAYTAlVTMR0wGwYDVQQIDBREaXN0cmljdCBvZiBDb2x1bWJpYTETMBEGA1UEBwwKV2FzaGluZ3RvbjEMMAoGA1UECgwDR1NBMRIwEAYDVQQLDAlMb2dpbi5nb3YxJjAkBgNVBAMMHWxvZ2luLmdvdi5pZGVudGl0eXNhbmRib3guZ292MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmcFFn4b56vHlGBQ1Lx6AXz17sqKnCc6sJ+9csP1RtQBI0NpPHB2z9Di1PNk/ElK7V7yh3uMu4FJYw30GZFUl2f/ttsDkNHrwfh/jzbMNjrOSc0P25oem4uOUfeGH9jtMhKa+HZLOaOmcyWFKkYR2mwacEbQJ1CWviHtP8AzHUPSbHklAmusRLuygTjq0+QRJZgSezGqwU1L3ixPq+gMzPtMS+fxsMOVo2eosip440gz4rcqUUogtD2hV8EQi3+GIkGYuMTS81ug/385TCPEhzWMnNmDi3HykOZeRNb4GfCYw0Yx+v+cb7BPD5EdxUHNwliHvSiRAeYqLjBjuNUfKQIDAQABo1MwUTAdBgNVHQ4EFgQUusictYnNM2TbIt5STz2lkYN1sI8wHwYDVR0jBBgwFoAUusictYnNM2TbIt5STz2lkYN1sI8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATuLF4kHeP7FY9Wzm3DfF+m/5wUhJEtbsF8J9Wq8duhQ4/gtZVJgMDUKLsnSDLCtWiRlsFXquI8tlo32JsVo5NfZI9WYsub7192iCYpqE+x5G+94tt5vAayoF7GKGPxatyldxAQUz7RUzwqas7NCYXQ0p7wZrMqF8z2yvaUgL55v8TJIb7RP+D8b47Cmzx7IYmx3Co30vZWysQe61Bv880hG11YJsBAc0hmyWlokJYZZVm+xcjKkm6aFyyAbeCe0Kh68QU7f9YkpFv/sW2RIvZ/Z0gvxjJE+YJBwOwPDDHdkb0ZmKOJvlaabi5lkTZvUtTHXb5Hu7DxRRt91dm77MlQ==</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </ds:Signature>
-    <Subject>
-      <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">87c45cbc-1e44-4d89-a040-ebdf86f50add</NameID>
-      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
-        <SubjectConfirmationData InResponseTo="_78d78e66-586e-48af-a5dc-d96cea6488c9" NotOnOrAfter="2024-08-16T19:37:39Z" Recipient="http://localhost:4567/consume"/>
-      </SubjectConfirmation>
-    </Subject>
-    <Conditions NotBefore="2024-08-16T19:34:34Z" NotOnOrAfter="2024-08-16T20:34:39Z">
-      <AudienceRestriction>
-        <Audience>urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost</Audience>
-      </AudienceRestriction>
-    </Conditions>
-    <AttributeStatement>
-      <Attribute Name="uuid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="uuid">
-        <AttributeValue>87c45cbc-1e44-4d89-a040-ebdf86f50add</AttributeValue>
-      </Attribute>
-      <Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="email">
-        <AttributeValue>john.doe@example.com</AttributeValue>
-      </Attribute>
-      <Attribute Name="aal" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="aal">
-        <AttributeValue>http://idmanagement.gov/ns/assurance/aal/2</AttributeValue>
-      </Attribute>
-      <Attribute Name="ial" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="ial">
-        <AttributeValue>http://idmanagement.gov/ns/assurance/ial/1</AttributeValue>
-      </Attribute>
-    </AttributeStatement>
-    <AuthnStatement AuthnInstant="2024-08-16T19:34:39Z" SessionIndex="_d7d0f3fd-e65d-42ee-89f3-ac7d75a56a21">
-      <AuthnContext>
-        <AuthnContextClassRef>http://idmanagement.gov/ns/assurance/aal/2</AuthnContextClassRef>
-      </AuthnContext>
-    </AuthnStatement>
-  </Assertion>
+<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b7a3ca0f-25a4-4365-af81-da8f04740564" IssueInstant="2024-09-18T16:20:36Z" Version="2.0">
+<Issuer>https://idp.int.identitysandbox.gov/api/saml</Issuer>
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+    <ds:Reference URI="#_b7a3ca0f-25a4-4365-af81-da8f04740564">
+        <ds:Transforms>
+        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>5uICLRmnTHr/Ma7+uphAjCf86rmR+P6QELBf2C53mIc=</ds:DigestValue>
+    </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>XT9CguQWKBvbqVsJ+Khu5/eyl09JVhHkUuyFHa98ViZUBVgL/Hc9gzwUr43CA7OVOO+uMfCc6WvPKeADF9w9kqJaUgsi8LiKC/nfDCY6+UiRoep2zmXyFJRAvrD/HbgVfayx/4Nn3ponRPZ/T/oezhimssFF66m+/UAwJekO9kuob+5n+uaOiFOMuHEycSdASH/iFnTSR1ajdo6AaLomG6YT8zJbuRzcKmesouAKPiQCJFt2cgstEs1zw8dvTgmozy4qd/0aMiZ52eGcXoORD8VZOQiY63HT8F4wkhk5eGU05sFcyfpg7dXNtKOfCddHwyngmgmPhpRN30ew5njg7w==</ds:SignatureValue>
+    <ds:KeyInfo>
+    <ds:X509Data>
+        <ds:X509Certificate>MIID+TCCAuGgAwIBAgIUUS6s9Rb+KY0fT0qKKgqPPJij/HMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMR0wGwYDVQQIDBREaXN0cmljdCBvZiBDb2x1bWJpYTETMBEGA1UEBwwKV2FzaGluZ3RvbjEMMAoGA1UECgwDR1NBMRIwEAYDVQQLDAlMb2dpbi5nb3YxJjAkBgNVBAMMHWxvZ2luLmdvdi5pZGVudGl0eXNhbmRib3guZ292MB4XDTI0MDEyMjIwMTcwN1oXDTI1MDQwMTIwMTcwN1owgYsxCzAJBgNVBAYTAlVTMR0wGwYDVQQIDBREaXN0cmljdCBvZiBDb2x1bWJpYTETMBEGA1UEBwwKV2FzaGluZ3RvbjEMMAoGA1UECgwDR1NBMRIwEAYDVQQLDAlMb2dpbi5nb3YxJjAkBgNVBAMMHWxvZ2luLmdvdi5pZGVudGl0eXNhbmRib3guZ292MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmcFFn4b56vHlGBQ1Lx6AXz17sqKnCc6sJ+9csP1RtQBI0NpPHB2z9Di1PNk/ElK7V7yh3uMu4FJYw30GZFUl2f/ttsDkNHrwfh/jzbMNjrOSc0P25oem4uOUfeGH9jtMhKa+HZLOaOmcyWFKkYR2mwacEbQJ1CWviHtP8AzHUPSbHklAmusRLuygTjq0+QRJZgSezGqwU1L3ixPq+gMzPtMS+fxsMOVo2eosip440gz4rcqUUogtD2hV8EQi3+GIkGYuMTS81ug/385TCPEhzWMnNmDi3HykOZeRNb4GfCYw0Yx+v+cb7BPD5EdxUHNwliHvSiRAeYqLjBjuNUfKQIDAQABo1MwUTAdBgNVHQ4EFgQUusictYnNM2TbIt5STz2lkYN1sI8wHwYDVR0jBBgwFoAUusictYnNM2TbIt5STz2lkYN1sI8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATuLF4kHeP7FY9Wzm3DfF+m/5wUhJEtbsF8J9Wq8duhQ4/gtZVJgMDUKLsnSDLCtWiRlsFXquI8tlo32JsVo5NfZI9WYsub7192iCYpqE+x5G+94tt5vAayoF7GKGPxatyldxAQUz7RUzwqas7NCYXQ0p7wZrMqF8z2yvaUgL55v8TJIb7RP+D8b47Cmzx7IYmx3Co30vZWysQe61Bv880hG11YJsBAc0hmyWlokJYZZVm+xcjKkm6aFyyAbeCe0Kh68QU7f9YkpFv/sW2RIvZ/Z0gvxjJE+YJBwOwPDDHdkb0ZmKOJvlaabi5lkTZvUtTHXb5Hu7DxRRt91dm77MlQ==</ds:X509Certificate>
+    </ds:X509Data>
+    </ds:KeyInfo>
+</ds:Signature>
+<Subject>
+    <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">34abda40-d5aa-4259-9f17-a3757fd2e094</NameID>
+    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+    <SubjectConfirmationData InResponseTo="_bf054c05-5b2c-4773-a6a9-9ba075a87bc9" NotOnOrAfter="2024-09-18T16:23:36Z" Recipient="https://sp.int.identitysandbox.gov/auth/saml/callback"/>
+    </SubjectConfirmation>
+</Subject>
+<Conditions NotBefore="2024-09-18T16:20:31Z" NotOnOrAfter="2024-09-18T17:20:36Z">
+    <AudienceRestriction>
+    <Audience>urn:gov:gsa:SAML:2.0.profiles:sp:sso:identitysandbox</Audience>
+    </AudienceRestriction>
+</Conditions>
+<AttributeStatement>
+    <Attribute Name="uuid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="uuid">
+    <AttributeValue>34abda40-d5aa-4259-9f17-a3757fd2e094</AttributeValue>
+    </Attribute>
+    <Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="email">
+    <AttributeValue>vraj@example.com</AttributeValue>
+    </Attribute>
+    <Attribute Name="aal" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="aal">
+    <AttributeValue>http://idmanagement.gov/ns/assurance/aal/2</AttributeValue>
+    </Attribute>
+    <Attribute Name="ial" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="ial">
+    <AttributeValue>http://idmanagement.gov/ns/assurance/ial/1</AttributeValue>
+    </Attribute>
+</AttributeStatement>
+<AuthnStatement AuthnInstant="2024-09-18T16:20:36Z" SessionIndex="_b7a3ca0f-25a4-4365-af81-da8f04740564">
+    <AuthnContext>
+    <AuthnContextClassRef>http://idmanagement.gov/ns/assurance/aal/2?phishing_resistant=true</AuthnContextClassRef>
+    </AuthnContext>
+</AuthnStatement>
+</Assertion>
 ```
 {% endcapture %}
 
@@ -174,9 +171,9 @@ The decrypted SAML Response contains a `<saml:Assertion>` element, which in turn
 <div class="grid-row grid-gap">
     <div class="desktop:grid-col-7 mobile:grid-col-full">
         <h2 id="authentication-response">Authentication response</h2>
-        <p>After the user authenticates, Login.gov will redirect and POST a form back to your registered Assertion Consumer Service URL with a hidden form control named SAMLResponse.</p>
-        <p>The `SAMLResponse` is a base64-encoded XML payload that contains data that is encrypted with the service provider's public key.</p>
-        <p>{{ response_elements | markdownify }}</p>
+        <p markdown="1">After the user authenticates, Login.gov will redirect and POST a form back to your registered Assertion Consumer Service URL with a hidden form control named `SAMLResponse`.</p>
+        <p markdown="1">`SAMLResponse` contains a base64-encoded XML payload that contains data that is encrypted with the service provider's public key.</p>
+        <p markdown="1"> The decrypted `SAMLResponse` contains a `<saml:Assertion>` element, which in turn contains elements like `<saml:Subject>`, `<saml:AttributeStatement>` and `<saml:AuthnStatement>`. </p>
         <p>For example, {{ decrypted_response | markdownify }}</p>
           <a href="{{ '/saml/logout/' | prepend: site.baseurl }}" class="usa-link margin-top-4 mobile:display-none desktop:display-block">Next step: Logout</a>
     </div>
