Saturday 8 August 2015

SAML: SubjectConfirmation element

SubjectConfirmation is used to confirm the subject. A Subject can have zero or more SubjectConfirmation elements. If more than one subject confirmation is provided, then satisfying any one of them is sufficient to confirm the subject for the purpose of applying the assertion.

The SubjectConfirmation element has the following attribute.

| Attribute | Description |
| --- | --- |
| Method | A URI reference that identifies the protocol or mechanism used to verify the subject. The following subject confirmation methods should be used. |

urn:oasis:names:tc:SAML:2.0:cm:holder-of-key

urn:oasis:names:tc:SAML:2.0:cm:sender-vouches

urn:oasis:names:tc:SAML:2.0:cm:bearer

The SubjectConfirmation element contains the following elements.

| Element | Description | Required |
| --- | --- | --- |
| <BaseID>, <NameID>, or <EncryptedID> | Identifies the entity expected to satisfy the enclosing subject confirmation requirements. | Optional |
| <SubjectConfirmationData> | Additional confirmation information to be used by a specific confirmation method. | Optional |

The org.opensaml.saml2.core.SubjectConfirmation interface represents the SubjectConfirmation element.
The following schema fragment defines the SubjectConfirmation element.

<element name="SubjectConfirmation" type="saml:SubjectConfirmationType" />
<complexType name="SubjectConfirmationType">
  <sequence>
    <choice minOccurs="0">
      <element ref="saml:BaseID" />
      <element ref="saml:NameID" />
      <element ref="saml:EncryptedID" />
    </choice>
    <element ref="saml:SubjectConfirmationData" minOccurs="0" />
  </sequence>
  <attribute name="Method" type="anyURI" use="required" />
</complexType>
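
The following Python code is an added example, not part of the original post or of OpenSAML. It checks each SubjectConfirmation against the schema fragment above and applies the rule that any one satisfied confirmation is sufficient. Assumptions: the bearer check, the Recipient and NotOnOrAfter attributes (defined for SubjectConfirmationData in the SAML 2.0 core specification, not described on this page), the function names, the sample Subject and the sp.example.org URL.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
CM = "urn:oasis:names:tc:SAML:2.0:cm:"
KNOWN_METHODS = {CM + "holder-of-key", CM + "sender-vouches", CM + "bearer"}
ID_TAGS = {"{%s}%s" % (SAML, n) for n in ("BaseID", "NameID", "EncryptedID")}
DATA_TAG = "{%s}SubjectConfirmationData" % SAML

def structure_problems(sc):
    """Check one SubjectConfirmation element against the schema fragment."""
    problems = []
    method = sc.get("Method")
    if method is None:
        problems.append("Method attribute is required")
    elif method not in KNOWN_METHODS:
        problems.append("unrecognised Method: " + method)
    tags = [child.tag for child in sc]
    ids = [t for t in tags if t in ID_TAGS]
    data = [t for t in tags if t == DATA_TAG]
    if tags != ids[:1] + data[:1]:  # sequence: optional identifier, then optional data
        problems.append("children do not match the SubjectConfirmationType sequence")
    return problems

def bearer_ok(sc, recipient, now):
    """Hypothetical relying-party check for bearer: right recipient, not expired."""
    data = sc.find(DATA_TAG)
    if data is None or data.get("Recipient") != recipient:
        return False
    expiry = data.get("NotOnOrAfter")
    return expiry is not None and now < datetime.fromisoformat(expiry.replace("Z", "+00:00"))

def confirmed_method(subject_xml, verifiers):
    """Any one well-formed, verifiable confirmation suffices; return its Method, else None."""
    subject = ET.fromstring(subject_xml)
    for sc in subject.findall("{%s}SubjectConfirmation" % SAML):
        verify = verifiers.get(sc.get("Method"))  # Method URI -> callable(element) -> bool
        if not structure_problems(sc) and verify is not None and verify(sc):
            return sc.get("Method")
    return None

# Constructed sample: a relying party that can only verify bearer still confirms this subject.
SUBJECT = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:NameID>alice@example.org</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"/>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example.org/acs" NotOnOrAfter="2015-08-08T10:05:00Z"/>
  </saml:SubjectConfirmation>
</saml:Subject>"""
```

A relying party would run a check like this only after the signature on the enclosing assertion has been verified, since the Subject is otherwise unauthenticated input.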


