
SAML assertion

A SAML assertion is a security statement defined by the Security Assertion Markup Language (SAML) specification, used to convey authentication, authorization and attribute information between an identity provider (IdP) and a service provider (SP). An assertion is an XML document digitally signed by the IdP, optionally encrypted for the SP, and contains one or more statements about a subject, typically a user. The three principal statement types are authentication statements, which record the time and method of a successful authentication; attribute statements, which convey additional user attributes such as roles, email address or group membership; and authorization decision statements, which convey the outcome of an access control decision made by the IdP (in SAML 2.0 this last statement type is frozen, with no further enhancements planned, and the specification points to XACML for richer authorization decisions).

In a typical SAML Web Browser Single Sign‑On flow, the IdP generates an assertion after the user authenticates, embeds it in a SAML response, and sends it to the SP via the user's browser. The SP validates the digital signature against the IdP key it trusts from metadata, making sure the signature covers the assertion it is about to consume; checks conditions such as audience restriction and time validity, allowing for a small clock skew; for bearer assertions, checks that the SubjectConfirmationData names the SP's own endpoint as Recipient and, in SP‑initiated flows, carries an InResponseTo matching an outstanding request; extracts the statements; and creates a local session for the user. Assertions may be short‑lived to reduce replay risk, and an SP should additionally remember the IDs of consumed assertions until they expire so that a captured assertion cannot be presented a second time. Assertions can also include holder‑of‑key confirmation methods that bind the assertion to the key of a client certificate, typically the one presented in the TLS handshake with the SP, so that using the assertion requires proof of possession of that key.

SAML assertions are defined by the OASIS SAML 2.0 core specification, and are interoperable across many platforms and vendors. Their extensibility allows custom attributes and advanced security features, making them a widely adopted mechanism for federated identity management across enterprises, cloud services and governmental systems.
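The SP‑side checks described in the flow above, as an added example that is not part of the original page and not any product's code. It assumes the XML‑DSig signature has already been verified by a signing library over the single Assertion element in the response; the code then enforces the remaining conditions (issuer, validity window with skew, audience, bearer Recipient/InResponseTo, replay) on a constructed sample response. The sample document, endpoint URLs and request ID are made up for the example; real deployments should also parse untrusted XML with defusedxml rather than the stdlib parser.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree on untrusted input

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


class SamlValidationError(ValueError):
    pass


def _ts(value):
    # SAML timestamps are xsd:dateTime in UTC; fractional seconds are not handled here.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(response_xml, *, expected_issuer, expected_audience, expected_recipient,
                       request_id, seen_ids, now, skew=timedelta(seconds=60)):
    """Enforce SP-side conditions on a Response whose signature was ALREADY verified (assumed).

    Returns (subject NameID, {attribute name: [values]}) or raises SamlValidationError.
    """
    root = ET.fromstring(response_xml)
    assertions = list(root.iter(f"{{{NS['saml']}}}Assertion"))
    if len(assertions) != 1:
        # A second assertion smuggled into the document is the classic wrapping pattern:
        # only ever consume the one assertion the signature actually covers.
        raise SamlValidationError(f"expected exactly one Assertion, got {len(assertions)}")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise SamlValidationError("unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("missing Conditions")
    if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
        raise SamlValidationError("assertion not yet valid")
    if cond.get("NotOnOrAfter") and now - skew >= _ts(cond.get("NotOnOrAfter")):
        raise SamlValidationError("assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise SamlValidationError(f"audience {audiences} does not include {expected_audience!r}")
    # Bearer confirmation: tie the assertion to this ACS endpoint and to the request we issued.
    sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    if sc is None or sc.get("Method") != BEARER:
        raise SamlValidationError("missing or non-bearer SubjectConfirmation")
    scd = sc.find("saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected_recipient:
        raise SamlValidationError("Recipient is not this SP's ACS URL")
    if scd.get("InResponseTo") != request_id:
        raise SamlValidationError("InResponseTo does not match an outstanding AuthnRequest")
    if scd.get("NotOnOrAfter") is None or now - skew >= _ts(scd.get("NotOnOrAfter")):
        raise SamlValidationError("SubjectConfirmationData expired or unbounded")
    # Replay protection: remember every consumed assertion ID until its NotOnOrAfter passes.
    assertion_id = a.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        raise SamlValidationError("assertion ID missing or already consumed")
    seen_ids.add(assertion_id)
    subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attributes = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
                  for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return subject, attributes


# Constructed sample Response (not a capture); the ds:Signature element is omitted because
# this code runs after signature verification. All URLs and IDs are made up.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
  IssueInstant="2024-05-01T12:00:00Z" InResponseTo="_req42" Destination="https://sp.example.org/acs">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42" Recipient="https://sp.example.org/acs"
          NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.org</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-05-01T11:59:30Z" SessionIndex="_s1"><saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext></saml:AuthnStatement>
    <saml:AttributeStatement><saml:Attribute Name="groups">
      <saml:AttributeValue>admins</saml:AttributeValue><saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_NOW = datetime(2024, 5, 1, 12, 1, 0, tzinfo=timezone.utc)


def check_sample(xml=SAMPLE_RESPONSE, **overrides):
    """Run the sample through validate_assertion; returns the result tuple or the error message."""
    kwargs = dict(expected_issuer="https://idp.example.org", expected_audience="https://sp.example.org",
                  expected_recipient="https://sp.example.org/acs", request_id="_req42",
                  seen_ids=set(), now=SAMPLE_NOW)
    kwargs.update(overrides)
    try:
        return validate_assertion(xml, **kwargs)
    except SamlValidationError as exc:
        return str(exc)


if __name__ == "__main__":
    print(check_sample())                                   # ('alice@example.org', {'groups': ['admins', 'staff']})
    print(check_sample(now=SAMPLE_NOW.replace(minute=10)))  # assertion expired
```

The checks are deliberately ordered so that structural problems (a second Assertion element, wrong issuer) fail before anything in the assertion body is trusted, and the replay cache is only updated after every other check passes, so a rejected assertion does not consume an ID slot. The `seen_ids` set stands in for whatever shared store a multi-node SP would use; it only needs to hold IDs until their NotOnOrAfter has passed.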