
Overview

SAML Assertion

A SAML Assertion is the XML document containing user authorization that the identity provider sends to the service provider. There are three different types of SAML Assertions – authentication, attribute, and authorization decision.

  1. Authentication assertion proves the identity of the user and provides the time the user logged in and the authentication method used, such as Kerberos or two-factor authentication.

  2. Attribute assertion passes the SAML attributes to the service provider. SAML attributes provide information about the user. Accops uses the following attributes in attribute assertions:

    1. username: The unique User ID attribute that is used to map all policies.

    2. email: Email ID of the user used for sending OTP or alerts.

    3. mobile number: User’s phone number for sending OTP if enabled.

  3. Authorization decision assertion states whether the user is authorized to use the service or whether the identity provider denied the request due to a password failure or lack of rights to the service.
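
As an added example (not Accops code), the Python below reads the authentication statement and the attributes listed above from a constructed, unsigned SAML 2.0 assertion and rejects one without a usable `username`. The attribute `Name` strings are assumed to match the labels on this page, and signature validation, which a service provider performs before trusting any value, is outside its scope.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute labels from this page; the exact Name strings on the wire are assumed.
REQUIRED = ("username",)
OPTIONAL = ("email", "mobile number")

# Constructed, unsigned sample assertion (not captured from a real identity provider).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0" IssueInstant="2024-01-01T10:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:59:58Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def summarize_assertion(xml_text):
    """Return login time, authentication method and user attributes of one assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 assertion")
    # Only direct children of the Assertion are read; nested look-alikes are ignored.
    authn = root.find("saml:AuthnStatement", NS)
    if authn is None:
        raise ValueError("no AuthnStatement")
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        if name in attrs:
            raise ValueError("duplicate attribute: %s" % name)
        attrs[name] = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    for name in REQUIRED:
        # The mapping attribute must be unambiguous: exactly one non-empty value.
        if len(attrs.get(name, [])) != 1 or not attrs[name][0]:
            raise ValueError("attribute %r needs exactly one non-empty value" % name)
    method = authn.findtext("saml:AuthnContext/saml:AuthnContextClassRef", default="", namespaces=NS)
    result = {"authn_instant": authn.get("AuthnInstant"), "authn_method": method.strip()}
    for name in REQUIRED + OPTIONAL:
        result[name] = attrs[name][0] if attrs.get(name) else None
    return result
```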

The flow of SAML authentication is given below:

Accops SAML SP Specifications

Key specifications:

| Item | Details |
| --- | --- |
| SAML Protocol Version | 2.0 |
| Signing Algorithms | SHA1, SHA256 |
| Encryption Algorithms | SHA256 and AES |
| Request Binding Support | HTTP Redirect Binding, HTTP POST Binding |
| Request Signing Support | Yes |