This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
!! Digital Assertions as in [SAML]
An [assertion] is a package of information that supplies one or more statements made by a SAML authority. SAML defines three different kinds of assertion statement that can be created by a [SAML] authority.
SAML assertions are compounds of one or more of three kinds of "statement" about a [Digital Subject] (human or program):
* [SAML Authentication Statement]
* [SAML Attribute Statement]
* [SAML Authorization Decision Statement]
[SAML] can be extended to incorporate many kinds of assertions and statements.
[Assertions] can, and probably should, be digitally signed.
!! Common information
All [SAML] assertions share some common information:
* Assertion ID - Who is making the Claim
* Issuer ID and issuance timestamp
* Subject - The [Digital Subject] that the claims are about
** Name plus the security domain
** Optional subject confirmation, e.g. a public key
* "Conditions" under which the assertion is valid
** SAML clients must reject assertions containing unsupported conditions
** Special kind of condition: the assertion validity period
* Additional "advice", e.g. to explain how the assertion was made
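As an added example (not part of the original page), the following Python shows how a relying party enforces the "Conditions" listed above on a SAML 1.x assertion: the validity window, the audience restriction, and rejection of any condition type the client does not understand. The assertion text, the audience URI and the supported-condition set are constructed for this example; signature verification is assumed to have happened already.

```python
# Added example (not from the original page): enforce <saml:Conditions> on a
# SAML 1.x assertion the way the page says a client must. Assumes the
# assertion's signature has already been verified before this runs.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}  # SAML 1.0 assertion namespace
SUPPORTED = {"AudienceRestrictionCondition"}  # condition types this client understands

# Constructed sample modelled on the page's assertion; the Audience URI is made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  MajorVersion="1" MinorVersion="0" AssertionID="192.168.1.12.3456"
  Issuer="cisus.com" IssueInstant="2009-12-03T10:02:00Z">
  <saml:Conditions NotBefore="2009-12-03T10:00:00Z" NotOnOrAfter="2009-12-03T10:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.example.test/</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>"""


def parse_instant(s):
    """Parse the UTC xsd:dateTime form used in the sample into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_conditions(xml_text, now, my_audience):
    """Return (ok, reason) for the assertion's Conditions as seen by `my_audience` at `now`."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return True, "no conditions"  # absent Conditions element places no restriction
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now < parse_instant(nb):
        return False, "not yet valid"
    if noa and now >= parse_instant(noa):  # NotOnOrAfter is an exclusive bound
        return False, "expired"
    for child in cond:
        local = child.tag.split("}")[-1]  # strip the namespace to get the local name
        if local not in SUPPORTED:
            return False, f"unsupported condition {local}"  # must reject, not ignore
        audiences = [a.text for a in child.findall("saml:Audience", NS)]
        if my_audience not in audiences:
            return False, "audience mismatch"
    return True, "valid"
```

A production validator would also allow a small clock-skew tolerance around both bounds and treat a missing NotOnOrAfter as a policy decision rather than an open-ended lifetime.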
!! [SAML] [assertion] Structure Image
The outer structure of an assertion is generic, providing information that is common to all of the statements within it. Within an assertion, a series of inner elements describe the [SAML Authentication Statement], [SAML Attribute Statement], [SAML Authorization Decision Statement], or user-defined statements containing the specifics.
The diagram below illustrates the high-level structure of a typical SAML authentication assertion.
!Sample common information assertion
{{{
<saml:Assertion
    MajorVersion="1" MinorVersion="0"
    AssertionID="192.168.1.12.3456"
    Issuer="cisus.com"
    IssueInstant="2009-12-03T10:02:00Z">
  <saml:Conditions
      NotBefore="2009-12-03T10:00:00Z"
      NotOnOrAfter="2009-12-03T10:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>…URI…</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:Advice>
    .. a variety of elements can go here..
  </saml:Advice>
  ...statements go here...
</saml:Assertion>
}}}
The saml: [namespace] corresponds to an XML Schema that just focuses on assertions. So far, we have decided that unique identifiers like AssertionID are essentially opaque to SAML; it's up to you to ensure that they're unique in the domain you care about.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]