What is a SAML Assertion?
The SAML Assertion is the main piece in the SAML puzzle. It is the object that the rest of SAML is built to create, transport and consume safely.
A SAML Assertion is basically a package of security information about an entity (e.g. a user), issued by the Identity Provider (IdP) to the Service Provider (SP). When the user has authenticated with the IdP, a SAML Assertion is sent to the SP carrying the IdP's information about that user. The SP trusts the contents only because the assertion is signed by the IdP, so the SP must verify that signature before acting on anything inside it.
What does a SAML Assertion contain?
The SAML Assertion contains some general information: who issued it, when it was issued, and the validity period of the assertion (the NotBefore and NotOnOrAfter conditions, plus an audience restriction naming the SP it is intended for). The assertion also contains statements about the user. These come in three different types.
The authentication statement contains, not surprisingly, information about the authentication of the user: mainly when and by what means the user was authenticated (for example, a password sent over a protected transport).
The attribute statement can contain application-specific attributes connected to the user, for example an address, a telephone number or a social security number.
[Example attribute statement; the XML markup was not preserved. The attribute values it carried were: 555501234, firstname.lastname@example.org, 546848134886]
The authorization decision statement contains information about the user's access rights to different resources. This statement can be used for basic authorization. For more advanced authorization cases I recommend taking a look at the XACML standard.
What does a SAML Assertion look like?
Here is an example of what a whole assertion can look like.
[Example assertion; the XML markup was not preserved. The values it carried, in order of appearance, were: issuer IDP-alias, signature value 5VkzP/MZ1PMJ62o45/7DdFms9y7K, subject my-alias, authentication context class urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, and attribute values 555501234, email@example.com, 546848134886]
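As an added example (not code from the original post), here is a small Python parser for the assertion structure described above. It pulls out the issuer, subject, validity window, audience, authentication context and attributes, and checks the conditions an SP must enforce before using them. The sample assertion is constructed: its issuer, subject, authentication context and attribute values are taken from the post, while the timestamps, audience URL and attribute names are assumptions for illustration. It does not verify the XML signature; a real SP must verify the IdP's signature (e.g. with xmlsec) before trusting any value below, and should parse with defusedxml rather than the plain stdlib parser.

```python
"""Parse and sanity-check a SAML 2.0 assertion (stdlib only).

Added example, not code from the original post. Signature verification is
NOT performed here; in production verify the XML Signature first.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion. Issuer, NameID, AuthnContextClassRef and the
# attribute values come from the post; timestamps, Audience and attribute
# names are assumptions for illustration.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>IDP-alias</saml:Issuer>
  <saml:Subject>
    <saml:NameID>my-alias</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="telephoneNumber"><saml:AttributeValue>555501234</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>email@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="employeeNumber"><saml:AttributeValue>546848134886</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

SP_ENTITY_ID = "https://sp.example.org/metadata"  # assumed SP identifier


@dataclass
class ParsedAssertion:
    issuer: str
    name_id: str
    not_before: datetime
    not_on_or_after: datetime
    audiences: list
    authn_context: str
    attributes: dict = field(default_factory=dict)


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z."""
    if value is None:
        raise ValueError("missing timestamp")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_assertion(xml_text):
    """Extract the fields an SP needs from a saml:Assertion document."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("root element is not saml:Assertion")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    attrs = {}
    for a in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return ParsedAssertion(
        issuer=root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        name_id=root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip(),
        not_before=_ts(cond.get("NotBefore")),
        not_on_or_after=_ts(cond.get("NotOnOrAfter")),
        audiences=[e.text.strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)],
        authn_context=root.findtext(
            "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", default="", namespaces=NS).strip(),
        attributes=attrs,
    )


def validate_assertion(a, expected_issuer, expected_audience, now, skew=timedelta(seconds=30)):
    """Return a list of problems (empty list means the assertion may be used).

    NotBefore is inclusive, NotOnOrAfter is exclusive; `skew` tolerates small
    clock differences between IdP and SP.
    """
    errors = []
    if a.issuer != expected_issuer:
        errors.append("unexpected issuer %r" % a.issuer)
    if expected_audience not in a.audiences:
        errors.append("assertion not intended for this SP")
    if now + skew < a.not_before:
        errors.append("assertion not yet valid")
    if now - skew >= a.not_on_or_after:
        errors.append("assertion expired")
    if not a.name_id:
        errors.append("no subject")
    if not a.authn_context:
        errors.append("no authentication statement")
    return errors


def validate_at(xml_text, expected_issuer, expected_audience, now_iso, skew_seconds=30):
    """Convenience wrapper: parse and validate as of the given UTC timestamp."""
    return validate_assertion(parse_assertion(xml_text), expected_issuer, expected_audience,
                              _ts(now_iso), timedelta(seconds=skew_seconds))


if __name__ == "__main__":
    parsed = parse_assertion(SAMPLE_ASSERTION)
    print(parsed)
    print(validate_at(SAMPLE_ASSERTION, "IDP-alias", SP_ENTITY_ID, "2024-01-01T12:00:30Z"))
    print(validate_at(SAMPLE_ASSERTION, "IDP-alias", SP_ENTITY_ID, "2024-01-01T12:10:00Z"))
```

The audience and validity checks are the ones most often skipped in hand-rolled SP code: without them a signed assertion issued for one SP can be replayed to another, or reused long after the IdP intended it to expire.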
If you have any questions please drop a comment in on this post and I will answer it as soon as possible.