!!! Overview

!! Digital Assertions as in [SAML]

An [assertion] is a package of information that supplies one or more statements made by a SAML authority. SAML defines three different kinds of assertion statement that can be created by a [SAML] authority. SAML assertions are compounds of one or more of three kinds of "statement" about a [Digital Subject] (human or program):
* [SAML Authentication Statement]
* [SAML Attribute Statement]
* [SAML Authorization Decision Statement]

[SAML] can be extended to incorporate many kinds of assertions and statements. [Assertions] can, and probably should, be digitally signed.

!! Common information

All [SAML] assertions share some common information:
* Assertion ID - Who is making the Claim
* Issuer ID and issuance timestamp
* Subject - The [Digital Subject] that the claims are about
** Name plus the security domain
** Optional subject confirmation, e.g. public key
* "Conditions" under which the assertion is valid
** SAML clients must reject assertions containing unsupported conditions
** Special kind of condition: assertion validity period
* Additional "advice" - e.g., to explain how the assertion was made

!! [SAML] [assertion] Structure

The outer structure of an assertion is generic, providing information that is common to all of the statements within it. Within an assertion, a series of inner elements describe the [SAML Authentication Statement], [SAML Attribute Statement], [SAML Authorization Decision Statement], or user-defined statements containing the specifics. The diagram below illustrates the high-level structure of a typical SAML authentication assertion.
!Sample common information assertion

{{{
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                MajorVersion="1" MinorVersion="0"
                AssertionID="192.168.1.12.3456"
                Issuer="cisus.com"
                IssueInstant="2009-12-03T10:02:00Z">
  <saml:Conditions NotBefore="2009-12-03T10:00:00Z"
                   NotOnOrAfter="2009-12-03T10:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>…URI…</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:Advice>
    .. a variety of elements can go here ..
  </saml:Advice>
  ...statements go here...
</saml:Assertion>
}}}

The saml: [namespace] corresponds to an XML Schema that focuses solely on assertions. So far, we have decided that unique identifiers like AssertionID are essentially opaque to SAML; it is up to you to ensure that they are unique in the domain you care about.

!! More Information

There might be more information for this subject on one of the following:

[{ReferringPagesPlugin before='*' after='\n' }]