Saturday 8 August 2015

SAML: Assertion element

In this post I am going to explain the Assertion element. The following are the attributes that the Assertion element contains.

| Attribute | Description | Required |
|---|---|---|
| MajorVersion | Specifies the major version of this assertion. | Yes |
| MinorVersion | Specifies the minor version of this assertion. | Yes |
| Id | Identifier for this assertion. Id is used to uniquely identify the assertion. | Yes |
| IssueInstant | The time instant of issue in UTC. | Yes |

The following are the elements that the Assertion element can contain.
| Element | Description | Required |
|---|---|---|
| Issuer | Provides information about the issuer of the SAML assertion. | Yes |
| ds:Signature | An XML Signature that protects the integrity and authenticates the issuer of the assertion. | No |
| Subject | Subject of the statement(s) in the assertion. | No |
| Conditions | Conditions that MUST be evaluated when assessing the validity of the assertion. | No |
| Advice | Additional information related to the assertion that assists processing in certain situations. | No |
| AuthnStatement | An authentication statement. | No |
| AuthzDecisionStatement | An authorization decision statement. | No |
| AttributeStatement | An attribute statement. | No |


Rules that apply to Version
1. A SAML asserting party MUST NOT issue any assertion with an overall Major.Minor assertion version number not supported by the authority.
2. A SAML relying party MUST NOT process any assertion with a major assertion version number not supported by the relying party.
3. A SAML relying party MAY process or MAY reject an assertion whose minor assertion version number is higher than the minor assertion version number supported by the relying party.

Note:
An assertion with no statements (AuthnStatement, AuthzDecisionStatement, AttributeStatement) must contain a Subject element.
The following is the schema fragment for the Assertion element.

<element name="Assertion" type="saml:AssertionType" />
<complexType name="AssertionType">
  <sequence>
    <element ref="saml:Issuer" />
    <element ref="ds:Signature" minOccurs="0" />
    <element ref="saml:Subject" minOccurs="0" />
    <element ref="saml:Conditions" minOccurs="0" />
    <element ref="saml:Advice" minOccurs="0" />
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="saml:Statement" />
      <element ref="saml:AuthnStatement" />
      <element ref="saml:AuthzDecisionStatement" />
      <element ref="saml:AttributeStatement" />
    </choice>
  </sequence>
  <attribute name="Version" type="string" use="required" />
  <attribute name="ID" type="ID" use="required" />
  <attribute name="IssueInstant" type="dateTime" use="required" />
</complexType>
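To show how a relying party can apply the version rules, the "no statements means Subject is required" note, and the ordering and cardinality constraints of the schema fragment above before it does anything else with an assertion, here is an added Python example. It is not code from the original post; it uses only the standard library, assumes a relying party that supports SAML major version 2 up to minor version 0 (with a configurable policy for higher minor versions), and works on a constructed sample assertion. Signature verification, which the schema marks optional here but which a real relying party must perform, is out of scope for this check.

```python
"""Structural checks on a SAML 2.0 <Assertion> element, following the
schema fragment and the version rules described in the post.
Example code, not from the original post. The supported version,
the sample assertion and the identifiers in it are constructed."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Assumed relying-party support level (not from the post).
SUPPORTED_MAJOR = 2
SUPPORTED_MINOR = 0

# Position of each child in the <sequence>; all statement types share
# the last slot because they sit in one <choice maxOccurs="unbounded">.
SEQUENCE_RANK = {
    f"{{{SAML_NS}}}Issuer": 0,
    f"{{{DS_NS}}}Signature": 1,
    f"{{{SAML_NS}}}Subject": 2,
    f"{{{SAML_NS}}}Conditions": 3,
    f"{{{SAML_NS}}}Advice": 4,
    f"{{{SAML_NS}}}Statement": 5,
    f"{{{SAML_NS}}}AuthnStatement": 5,
    f"{{{SAML_NS}}}AuthzDecisionStatement": 5,
    f"{{{SAML_NS}}}AttributeStatement": 5,
}
SINGLETONS = [tag for tag, rank in SEQUENCE_RANK.items() if rank < 5]
STATEMENT_RANK = 5


def check_assertion(xml_text, reject_higher_minor=True):
    """Return a list of rule violations; an empty list means the assertion
    passes the structural checks. reject_higher_minor selects between the
    'MAY process' and 'MAY reject' options for a higher minor version."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return [f"root element is {root.tag}, not saml:Assertion"]

    # Required attributes from the schema fragment.
    for attr in ("Version", "ID", "IssueInstant"):
        if attr not in root.attrib:
            problems.append(f"missing required attribute {attr}")

    # Version rules: unsupported major MUST NOT be processed;
    # higher minor MAY be processed or rejected, here by policy.
    version = root.get("Version", "")
    try:
        major, minor = (int(part) for part in version.split("."))
    except ValueError:
        problems.append(f"malformed Version {version!r}")
    else:
        if major != SUPPORTED_MAJOR:
            problems.append(f"major version {major} not supported; MUST NOT process")
        elif minor > SUPPORTED_MINOR and reject_higher_minor:
            problems.append(f"minor version {minor} higher than supported; rejected by policy")

    # Child element checks against the <sequence>.
    tags = [child.tag for child in root]
    unknown = [t for t in tags if t not in SEQUENCE_RANK]
    if unknown:
        problems.append("unexpected child element(s): " + ", ".join(unknown))
    if not tags or tags[0] != f"{{{SAML_NS}}}Issuer":
        problems.append("Issuer must be the first child element")
    for tag in SINGLETONS:
        if tags.count(tag) > 1:
            problems.append(f"{tag} may appear at most once")
    ranks = [SEQUENCE_RANK[t] for t in tags if t in SEQUENCE_RANK]
    if ranks != sorted(ranks):
        problems.append("child elements out of schema order")

    # Note from the post: no statements means Subject is required.
    has_statement = any(r == STATEMENT_RANK for r in ranks)
    if not has_statement and f"{{{SAML_NS}}}Subject" not in tags:
        problems.append("assertion with no statements must contain Subject")
    return problems


# Constructed sample assertion (identifiers and times are made up).
GOOD_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" Version="2.0"
    ID="_constructed-id-1" IssueInstant="2015-08-08T10:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2015-08-08T09:59:00Z"/>
</saml:Assertion>"""

# Same assertion with every statement and the Subject removed.
NO_STATEMENTS_NO_SUBJECT = f"""<saml:Assertion xmlns:saml="{SAML_NS}" Version="2.0"
    ID="_constructed-id-2" IssueInstant="2015-08-08T10:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
</saml:Assertion>"""


if __name__ == "__main__":
    for label, doc in (("good", GOOD_ASSERTION), ("bare", NO_STATEMENTS_NO_SUBJECT)):
        print(label, check_assertion(doc) or "OK")
    print("v3.0", check_assertion(GOOD_ASSERTION.replace('Version="2.0"', 'Version="3.0"')))
```

The check deliberately separates the two version outcomes: an unsupported major version is always a violation, while a higher minor version is rejected only when `reject_higher_minor` is set, mirroring the MUST NOT versus MAY wording of the rules. Ordering is enforced with the schema's sequence ranks rather than by name alone, so a `Subject` placed before `Issuer` or a second `Conditions` element is reported even though the names themselves are valid.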
