{"id":60290,"date":"2022-03-15T11:00:00","date_gmt":"2022-03-15T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=60290"},"modified":"2024-01-24T12:09:29","modified_gmt":"2024-01-24T17:09:29","slug":"what-is-saml-assertion","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/what-is-saml-assertion","title":{"rendered":"What Is SAML Assertion?"},"content":{"rendered":"\n

Assertions are one of the most powerful aspects of Security Assertion Markup Language<\/a> (SAML 2.0). They make it possible for small and medium-sized enterprises (SMEs) to adopt single sign-on (SSO) that combines convenience with extremely granular user permissions for web applications. This capability is vital for organizations that operate within regulated industries with stringent data security requirements. This article provides an overview of what assertions are, how they function, how to debug them for your applications, and the specific statements they contain.<\/p>\n\n\n\n

What Is SAML Assertion?<\/h2>\n\n\n\n

SAML assertions are the messages exchanged between an identity provider (IdP) and a service provider (SP) that confidentially identify who a user is, what pertinent information exists about them, and what they\u2019re authorized or entitled to access. Those messages also specify security conditions (such as the source of the assertion) and assurances that the assertions are valid. XML schemas are used to author assertions, which makes it possible to specify very specific conditions. Assertions are communicated following successful authentication of the SAML request. The SAML response is sent in lieu of a username and password being shared over the wire.<\/p>\n\n\n\n

XML Documents<\/h3>\n\n\n\n

Assertions are recorded and transferred as XML documents to standardize communications between the IdP and SP. These documents are composed using a schema format for assertions and protocols.<\/p>\n\n\n\n

Attribution: OASIS<\/em><\/p>\n\n\n\n

Writing assertions is a coding activity that requires quality assurance and testing. Organizations should maintain schemas throughout the lifecycle of their SSO system. It\u2019s advisable to use pre-built connectors if your SME cannot support custom development.<\/p>\n\n\n\n

What Is a SAML Assertion Validator?<\/h2>\n\n\n\n

Writing XML schemas can be a heavy lift for some organizations, and the schemas may take time to debug. That\u2019s why the SAML standard has a built-in facility, called an Assertion Validator, to troubleshoot user login errors. It identifies problems in assertions that are sent from your IdP. Some platforms will automatically capture assertions for debugging purposes. Assertion Validators expressly target issues with assertions and will not identify login issues. JumpCloud\u2019s platform contains a library of several hundred pre-built SSO connectors so that users may bypass this process.<\/p>\n\n\n\n

Types of SAML Assertion Statements<\/h2>\n\n\n\n

Statements are found within assertions, and each type of statement serves a specific function. There are three types of statements, as specified by the SAML 2.0 open standard:<\/p>\n\n\n\n