
SubjectConfirmation

A SubjectConfirmation is contained in a Subject and is used in two ways:

  • To hold a 'bearer' confirmation in a response to an AuthnRequest, to conform to the WebSSO profile.

A <Subject> in an <Assertion> can contain two different types of <SubjectConfirmation> elements. Below is a description for each of these usages. Note that bearer confirmations MAY be applicable to a single Assertion.

SubjectConfirmation for bearer confirmation (WebSSO)

When a relying party requests authentication of a user according to the SAML Web SSO profile, a 'bearer' SubjectConfirmation is used (see SAML 2.0 Profiles, §3.3 and §4.1.4).

| Element/@Attribute | 0..n | Description |
|---|---|---|
| <SubjectConfirmation> | 0..1 | (Only for the Declaration of Identity or a HM Summary Declaration to the DV) Allows for association of client with assertion to conform to the SAML Web SSO profile. |
|   @Method | 1 | MUST contain the value 'urn:oasis:names:tc:SAML:2.0:cm:bearer'. |
| <SubjectConfirmationData> | 1 | |
|     @NotBefore | 0 | MUST NOT be used. |
|     @NotOnOrAfter | 1 | Indicates maximum validity of the assertion |
|     @Recipient | 1 | The assertion consumer Service index of the immediate requester to which an attesting entity can present the assertion |
|     @InResponseTo | 1 | The ID of the request this assertion is in response to |
|     @Address | 0 | MUST NOT be used. |

Example SubjectConfirmation WebSSO
```xml
...
    <saml:Subject>
        ...
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml:SubjectConfirmationData InResponseTo="_52B816C631C564BACF59E758CBA91717" NotOnOrAfter="2016-02-05T09:11:48Z" Recipient="https://..."/>
        </saml:SubjectConfirmation>
    </saml:Subject>
...
```
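
One way a receiving party could enforce the attribute rules from the table above on a received <Subject>, as an added example that is not part of the original page. The function names, their parameters and the Recipient URL in the sample are assumptions, and the signature over the enclosing assertion is assumed to have been verified beforehand.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample; the Recipient URL is a placeholder, not a value from the page.
SAMPLE_SUBJECT = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData InResponseTo="_52B816C631C564BACF59E758CBA91717"
        NotOnOrAfter="2016-02-05T09:11:48Z" Recipient="https://sp.example.org/acs"/>
  </saml:SubjectConfirmation>
</saml:Subject>"""


def parse_saml_time(value):
    """Parse a SAML dateTime; a value without an offset is treated as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_bearer_confirmation(subject_xml, request_id, recipient, now=None):
    """Return the list of rule violations; an empty list means all checks passed.

    Assumes the signature over the enclosing assertion was verified beforehand.
    """
    now = now or datetime.now(timezone.utc)
    confs = ET.fromstring(subject_xml).findall("saml:SubjectConfirmation", NS)
    if len(confs) != 1 or confs[0].get("Method") != BEARER:
        return ["expected exactly one SubjectConfirmation with the bearer Method"]
    data = confs[0].findall("saml:SubjectConfirmationData", NS)
    if len(data) != 1:
        return ["expected exactly one SubjectConfirmationData"]
    attrs, errors = data[0].attrib, []
    for name in ("NotBefore", "Address"):  # cardinality 0 in the table
        if name in attrs:
            errors.append(name + " MUST NOT be used")
    for name in ("NotOnOrAfter", "Recipient", "InResponseTo"):  # cardinality 1
        if name not in attrs:
            errors.append(name + " is required")
    if attrs.get("InResponseTo", request_id) != request_id:
        errors.append("InResponseTo does not match the pending request")
    if attrs.get("Recipient", recipient) != recipient:
        errors.append("Recipient does not match this service provider")
    try:
        if "NotOnOrAfter" in attrs and now >= parse_saml_time(attrs["NotOnOrAfter"]):
            errors.append("NotOnOrAfter has passed")
    except ValueError:
        errors.append("NotOnOrAfter is not a valid dateTime")
    return errors
```

The comparison against `now` applies no clock-skew allowance; a deployment that tolerates skew would subtract its allowance from `now` before calling the function.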
