Subject: Re: [saml-dev] Assertion and EncryptedAssertion
This is a profiling question over and above base SAML. For one example, the “Kantara Initiative eGovernment Implementation Profile of SAML V2.0” states:
2.5.3.2 Message Content
The Web Browser SSO Profile allows responses to contain any number of assertions and statements. Identity Provider implementations MUST allow the number of <saml2:Assertion>, <saml2:AuthnStatement>, and <saml2:AttributeStatement> elements in the <saml2p:Response> message to be limited to one. In turn, Service Provider implementations MAY limit support to a single instance of those elements when processing <saml2p:Response> messages.
The entire profile is available from:
http://kantarainitiative.org/confluence/display/eGov/eGovernment+Implementation+Profile+of+SAML+V2.0
Regards,
Bob Sunday
Cyber Authentication Initiative | Initiative d’authentification Cyber
Chief Information Officer Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Office: 613-941-4764
Email: robert.sunday@tbs-sct.gc.ca
Government of Canada | Gouvernement du Canada
From: Brent Putman [mailto:putmanb@georgetown.edu]
Sent: January 30, 2012 8:51 PM
To: saml-dev@lists.oasis-open.org
Subject: Re: [saml-dev] Assertion and EncryptedAssertion
On 1/30/12 8:16 PM, David Yu wrote:
> Dear SAML experts,
> I have a question regarding Assertion and EncryptedAssertion.
> I think I need either Assertion or EncryptedAssertion in the
> SAMLResponse but not both for it to work.
> Correct me if I am wrong.
> However, I did not see in the document that a response can only have
> exactly one Assertion or EncryptedAssertion.
> Is it defined in the schema?
Yes, it is defined. A SAML 2 ResponseType can contain 0 to unbounded Assertion and/or EncryptedAssertion elements. It is not limited to 1 and the multiple Assertions and EncryptedAssertions can appear in any order, since it's an unbounded choice.
The schema snippet:
> <element name="Response" type="samlp:ResponseType"/>
> <complexType name="ResponseType">
>   <complexContent>
>     <extension base="samlp:StatusResponseType">
>       <choice minOccurs="0" maxOccurs="unbounded">
>         <element ref="saml:Assertion"/>
>         <element ref="saml:EncryptedAssertion"/>
>       </choice>
>     </extension>
>   </complexContent>
> </complexType>
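
An added example, not part of the thread or of the Kantara profile: a Service Provider check that counts the response-level Assertion and EncryptedAssertion elements the schema's unbounded choice permits, and applies the single-assertion limit the profile allows. The function names and the skeletal sample responses are constructed for illustration; the check assumes it runs on a response the SP intends to consume for SSO, with signature validation and decryption handled elsewhere.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ASSERTION_TAGS = (f"{{{SAML}}}Assertion", f"{{{SAML}}}EncryptedAssertion")


def assertion_children(response_xml: str) -> list[str]:
    """Local names of the Assertion/EncryptedAssertion elements that are direct
    children of samlp:Response, in document order (the schema's choice group)."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("root element is not samlp:Response")
    # Iterate direct children only: an Assertion nested deeper (for example
    # inside saml:Advice) is not a response-level assertion.
    return [c.tag.split("}", 1)[1] for c in root if c.tag in ASSERTION_TAGS]


def enforce_single_assertion(response_xml: str) -> str:
    """Profile-style SP limit: accept exactly one assertion, plain or encrypted.
    Returns which kind was found so the caller knows whether to decrypt."""
    found = assertion_children(response_xml)
    if len(found) != 1:
        raise ValueError(f"expected exactly 1 assertion, found {len(found)}: {found}")
    return found[0]


def build_response(*children: str) -> str:
    """Constructed, skeletal Response for the demo (not schema-complete)."""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">'
            f'{"".join(children)}</samlp:Response>')


# Constructed sample inputs.
SINGLE_PLAIN = build_response("<saml:Assertion/>")
SINGLE_ENCRYPTED = build_response("<saml:EncryptedAssertion/>")
MIXED = build_response("<saml:EncryptedAssertion/>", "<saml:Assertion/>",
                       "<saml:EncryptedAssertion/>")
NESTED = build_response(
    "<saml:Assertion><saml:Advice><saml:Assertion/></saml:Advice></saml:Assertion>")

if __name__ == "__main__":
    for name, doc in [("single", SINGLE_PLAIN), ("mixed", MIXED), ("nested", NESTED)]:
        try:
            print(name, "->", enforce_single_assertion(doc))
        except ValueError as exc:
            print(name, "-> rejected:", exc)
```

The mixed response is valid against the schema snippet above but is rejected by the single-assertion limit; a response with no assertion at all is rejected the same way.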