

The SubjectConfirmation element exists within a Subject and is used in two ways on Subjects:

  • To hold a 'bearer' confirmation in a response to an AuthnRequest, to conform to the WebSSO profile.

A <Subject> in an <Assertion> can contain two different types of <SubjectConfirmation> elements. Below is a description for each of these usages. Note that bearer confirmations MAY be applicable to a single Assertion.

SubjectConfirmation for bearer confirmation (WebSSO)

When a relying party requests authentication of a user according to the SAML Web SSO profile, a 'bearer' SubjectConfirmation is used (see SAML 2.0 Profiles, §3.3 and §4.1.4).






(Only for the Declaration of Identity or a HM Summary Declaration to the DV)

Allows for association of client with assertion to conform to the SAML Web SSO profile.

  @Method            1  MUST contain the value 'urn:oasis:names:tc:SAML:2.0:cm:bearer'.
    @NotBefore       0  MUST NOT be used.
    @NotOnOrAfter    1  Indicates maximum validity of the assertion
    @Recipient       1  The assertion consumer Service index of the immediate requester to which an attesting entity can present the assertion
    @InResponseTo    1  The ID of the request this assertion is in response to
    @Address         0  MUST NOT be used.

Example SubjectConfirmation WebSSO

        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml:SubjectConfirmationData InResponseTo="_52B816C631C564BACF59E758CBA91717" NotOnOrAfter="2016-02-05T09:11:48Z" Recipient="https://..."/>
        </saml:SubjectConfirmation>
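
A receiving service provider can enforce the attribute rules listed above before accepting a bearer assertion. The Python check below is an added example, not part of the original specification: the function name, its parameters and the placeholder Recipient URL are assumptions, and it presumes the signature on the enclosing Assertion has already been verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def check_bearer_confirmation(xml_text, expected_recipient, expected_request_id, now):
    """Return a list of rule violations; an empty list means the element conforms."""
    # Assumption: xml_text comes from an Assertion whose signature was already verified.
    sc = ET.fromstring(xml_text)
    if sc.tag != f"{{{SAML_NS}}}SubjectConfirmation":
        return ["root element is not saml:SubjectConfirmation"]
    errors = []
    if sc.get("Method") != BEARER:
        errors.append("Method is not the bearer URN")
    data = sc.find(f"{{{SAML_NS}}}SubjectConfirmationData")
    if data is None:
        return errors + ["SubjectConfirmationData is missing"]
    for forbidden in ("NotBefore", "Address"):      # cardinality 0 in the table
        if forbidden in data.attrib:
            errors.append(f"{forbidden} MUST NOT be used")
    for required in ("NotOnOrAfter", "Recipient", "InResponseTo"):  # cardinality 1
        if required not in data.attrib:
            errors.append(f"{required} is required")
    expiry = data.get("NotOnOrAfter")
    if expiry is not None:
        try:  # simplification: accepts only whole-second UTC timestamps ending in Z
            limit = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            if now >= limit:
                errors.append("assertion expired (now >= NotOnOrAfter)")
        except ValueError:
            errors.append("NotOnOrAfter is not in the expected UTC form")
    if data.get("Recipient") not in (None, expected_recipient):
        errors.append("Recipient does not match this service provider")
    if data.get("InResponseTo") not in (None, expected_request_id):
        errors.append("InResponseTo does not match the pending AuthnRequest")
    return errors

# Constructed sample modelled on the example above; the Recipient URL is a placeholder.
SAMPLE = (
    f'<saml:SubjectConfirmation xmlns:saml="{SAML_NS}" Method="{BEARER}">'
    '<saml:SubjectConfirmationData InResponseTo="_52B816C631C564BACF59E758CBA91717" '
    'NotOnOrAfter="2016-02-05T09:11:48Z" Recipient="https://sp.example.org/acs"/>'
    '</saml:SubjectConfirmation>'
)
```

Pass the request ID stored when the AuthnRequest was sent as `expected_request_id`, so that an assertion issued for a different request is rejected.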
