In this post I explain the Assertion element. The Assertion element has the following attributes.
Attribute | Description | Required
MajorVersion | Specifies the major version of this assertion. | Yes
MinorVersion | Specifies the minor version of this assertion. | Yes
Id | Identifier for this assertion. Id is used to uniquely identify the assertion. | Yes
IssueInstant | The time instant of issue in UTC. | Yes
The Assertion element can contain the following elements.
Element | Description | Required
Issuer | It provides information about the SAML assertion issuer. | Yes
ds:Signature | An XML Signature that protects the integrity and authenticates the issuer of the assertion. | No
Subject | Subject of the statement in the assertion. | No
Conditions | Conditions that MUST be evaluated when assessing the validity of the assertion. | No
Advice | Additional information related to the assertion that assists processing in certain situations. | No
AuthnStatement | An authentication statement. | No
AuthzDecisionStatement | An authorization decision statement. | No
AttributeStatement | An attribute statement. | No
Rules that apply to Version:
1. A SAML asserting party MUST NOT issue any assertion with an overall Major.Minor assertion version number not supported by the authority.
2. A SAML relying party MUST NOT process any assertion with a major assertion version number not supported by the relying party.
3. A SAML relying party MAY process or MAY reject an assertion whose minor assertion version number is higher than the minor assertion version number supported by the relying party.
Note: An assertion with no statements (AuthnStatement, AuthzDecisionStatement, AttributeStatement) must contain a Subject element.
Following is the schema fragment for the Assertion element.
<element name="Assertion" type="saml:AssertionType" />
<complexType name="AssertionType">
    <sequence>
        <element ref="saml:Issuer" />
        <element ref="ds:Signature" minOccurs="0" />
        <element ref="saml:Subject" minOccurs="0" />
        <element ref="saml:Conditions" minOccurs="0" />
        <element ref="saml:Advice" minOccurs="0" />
        <choice minOccurs="0" maxOccurs="unbounded">
            <element ref="saml:Statement" />
            <element ref="saml:AuthnStatement" />
            <element ref="saml:AuthzDecisionStatement" />
            <element ref="saml:AttributeStatement" />
        </choice>
    </sequence>
    <attribute name="Version" type="string" use="required" />
    <attribute name="ID" type="ID" use="required" />
    <attribute name="IssueInstant" type="dateTime" use="required" />
</complexType>
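A relying party can enforce the version rules and the Subject note above before doing anything else with an assertion. The following is an added example, not code from the original post: it reads the Version, ID and IssueInstant attributes named in the schema fragment, and uses the hypothetical names check_assertion and sample_assertion on constructed sample assertions. It assumes Version is a "major.minor" string and that the relying party supports 2.0.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # SAML 2.0 assertion namespace
SUPPORTED_MAJOR, SUPPORTED_MINOR = 2, 0  # assumption: this relying party supports 2.0
STATEMENTS = ("Statement", "AuthnStatement", "AuthzDecisionStatement", "AttributeStatement")

def check_assertion(xml_text, accept_higher_minor=False):
    """Return a list of structural problems; an empty list means the checks passed.

    Structural checks only: signature verification and Conditions evaluation
    are separate steps that must also succeed before the assertion is trusted.
    """
    # For untrusted input, use a hardened XML parser configuration.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return ["root element is not saml:Assertion"]
    problems = []
    for attr in ("Version", "ID", "IssueInstant"):
        if not root.get(attr):
            problems.append(f"missing required attribute {attr}")
    version = root.get("Version")
    if version:
        try:
            major, minor = (int(part) for part in version.split("."))
        except ValueError:
            problems.append(f"unparseable Version {version!r}")
        else:
            if major != SUPPORTED_MAJOR:  # rule 2: MUST NOT process
                problems.append(f"unsupported major version {major}")
            elif minor > SUPPORTED_MINOR and not accept_higher_minor:  # rule 3: MAY reject
                problems.append(f"minor version {minor} rejected by policy")
    if root.find(f"{{{SAML_NS}}}Issuer") is None:
        problems.append("missing required Issuer element")
    has_statement = any(root.find(f"{{{SAML_NS}}}{name}") is not None for name in STATEMENTS)
    if not has_statement and root.find(f"{{{SAML_NS}}}Subject") is None:
        problems.append("no statements and no Subject")
    return problems

def sample_assertion(version, body):
    """Build a constructed sample assertion (not real identity-provider output)."""
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}" Version="{version}" '
            f'ID="_constructed-id-1" IssueInstant="2024-01-01T00:00:00Z">'
            f'<saml:Issuer>https://idp.example.test</saml:Issuer>{body}</saml:Assertion>')

if __name__ == "__main__":
    for ver, body in (("2.0", "<saml:Subject/>"), ("1.1", "<saml:Subject/>"), ("2.0", "")):
        print(ver, repr(body), "->", check_assertion(sample_assertion(ver, body)))
```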