Assertion-related things

Assertions require the following (from http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf 2.3.3 Element Assertion):

  • Version - The version of this assertion. The identifier for the version of SAML defined in this specification is “2.0”. SAML versioning is discussed in Section 4.
  • ID - The identifier for this assertion. It is of type xs:ID, and MUST follow the requirements specified in Section 1.3.4 for identifier uniqueness.
  • IssueInstant - The time instant of issue in UTC, as described in Section 1.3.3.
  • Issuer - The SAML authority that is making the claim(s) in the assertion. The issuer SHOULD be unambiguous to the intended relying parties. There’s no requirement for this to be the same as the signer, other than in the design of the consumer.

Optional things:

  • ds:Signature - an XML signature
  • Subject - The subject of the statement(s) in the assertion.
  • Conditions - Conditions that MUST be evaluated when assessing the validity of and/or when using the assertion. See Section 2.5 for additional information on how to evaluate conditions.
  • Advice - Additional information related to the assertion that assists processing in certain situations but which MAY be ignored by applications that do not understand the advice or do not wish to make use of it.

Zero or more of the following statement elements:

  • Statement - A statement of a type defined in an extension schema. An xsi:type attribute MUST be used to indicate the actual statement type.
  • AuthnStatement - An authentication statement.
  • AuthzDecisionStatement - An authorization decision statement.
  • AttributeStatement - An attribute statement.

An assertion with no statements MUST contain a <Subject> element. Such an assertion identifies a principal in a manner which can be referenced or confirmed using SAML methods, but asserts no further information associated with that principal.
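The rules above can be checked before an assertion is trusted. The following is an added example, not code from this crate: `AssertionFields`, `is_ncname`, `is_utc_instant` and `validate` are hypothetical names, and the input is assumed to be already parsed out of the XML.

```rust
// Added example: hypothetical types, not this crate's API.
#[derive(Default)]
struct AssertionFields<'a> {
    version: Option<&'a str>,
    id: Option<&'a str>,
    issue_instant: Option<&'a str>,
    issuer: Option<&'a str>,
    has_subject: bool,
    statement_count: usize,
}

// xs:ID is an NCName: no ':' and no leading digit (ASCII subset only, an assumption).
fn is_ncname(s: &str) -> bool {
    let mut chars = s.chars();
    matches!(chars.next(), Some(c) if c.is_ascii_alphabetic() || c == '_')
        && chars.all(|c| c.is_ascii_alphanumeric() || matches!(c, '_' | '-' | '.'))
}

// Shape check only: YYYY-MM-DDThh:mm:ss[.fraction]Z, so offsets like +01:00 are rejected.
fn is_utc_instant(s: &str) -> bool {
    let b = s.as_bytes();
    if b.len() < 20 || b[b.len() - 1] != b'Z' {
        return false;
    }
    let head_ok = b"dddd-dd-ddTdd:dd:dd".iter().zip(b)
        .all(|(p, c)| if *p == b'd' { c.is_ascii_digit() } else { p == c });
    let frac = &b[19..b.len() - 1];
    head_ok && (frac.is_empty()
        || (frac[0] == b'.' && frac.len() > 1 && frac[1..].iter().all(u8::is_ascii_digit)))
}

// Returns every rule the assertion breaks; an empty Vec means the required parts are present.
fn validate(a: &AssertionFields) -> Vec<&'static str> {
    let mut errs = Vec::new();
    if a.version != Some("2.0") { errs.push("Version must be \"2.0\""); }
    if !a.id.map_or(false, is_ncname) { errs.push("ID missing or not a valid xs:ID"); }
    if !a.issue_instant.map_or(false, is_utc_instant) { errs.push("IssueInstant missing or not UTC"); }
    if a.issuer.map_or(true, |i| i.trim().is_empty()) { errs.push("Issuer missing"); }
    if a.statement_count == 0 && !a.has_subject { errs.push("no statements and no Subject"); }
    errs
}

fn main() {
    // Constructed sample: Version 1.1, no Issuer, no statements and no Subject.
    let a = AssertionFields { version: Some("1.1"), id: Some("_a1b2c3"),
        issue_instant: Some("2024-01-01T12:00:00Z"), ..Default::default() };
    for e in validate(&a) { println!("invalid: {e}"); }
}
```

These checks cover only the presence and shape of the required parts; signature verification and evaluation of Conditions are separate steps.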

Structs

The content of an assertion
Attributes for responses
Data type for passing subject data in because yeaaaaah, specs

Enums

AssertionTypes, from http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd <complexType name="AssertionType">
Type of saml:NameId in a statement.
StatusCode 🔒
StatusCode values

Functions

Adds an attribute to the statement
Adds the Subject statement to an assertion