Authentication assertions provided in an AuthnResponse element MUST be of type AssertionType, which is an extension of saml:AssertionType, so that the RequestID attribute from the original AuthnRequest MAY be included in the InResponseTo attribute in the Assertion element. This is done because it is not required that the AuthnResponse element itself be signed. Instead, the individual Assertion elements contained MUST each be signed. Note that it is optional for the InResponseTo to be present. Its absence indicates that the AuthnResponse has been unilaterally sent by the identity provider without a corresponding AuthnRequest message from the service provider. If the attribute is present, it MUST be set to the RequestID of the original AuthnRequest.
Figure 1. Schema fragment for lib:Assertion
<xs:element name="Assertion" type="AssertionType" substitutionGroup="saml:Assertion" />
<xs:complexType name="AssertionType">
  <xs:complexContent>
    <xs:extension base="saml:AssertionType">
      <xs:attribute name="InResponseTo" type="xs:NCName" use="optional"/>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
LassoLibAssertion * lasso_lib_assertion_new (void);
Creates a new LassoLibAssertion object.
LassoLibAssertion * lasso_lib_assertion_new_full (const char *issuer,
                                                  const char *requestID,
                                                  const char *audience,
                                                  const char *notBefore,
                                                  const char *notOnOrAfter);
Creates a new LassoLibAssertion object and initializes its Issuer, InResponseTo, AudienceRestrictionCondition, notBefore and notOnOrAfter fields or attributes.
issuer | the issuer entityID string
requestID (allow-none) | the identifier of the request which initiated the creation of this assertion
audience (allow-none) | the entityID of the receiver of this assertion
notBefore | a timestamp formatted as iso-8601
notOnOrAfter | a timestamp formatted as iso-8601
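
A service provider that receives such an assertion has to apply the InResponseTo rule described at the top of this page together with the notBefore/notOnOrAfter window. The C code below is an added example, not part of Lasso: `check_assertion`, its result codes and the `allow_unsolicited` policy flag are hypothetical names. It assumes timestamps in the UTC form YYYY-MM-DDThh:mm:ssZ and that the signature on the Assertion element has already been verified.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example (not part of Lasso). */
typedef enum { ASSERTION_OK, UNSOLICITED_REJECTED, REQUEST_MISMATCH,
               BAD_TIMESTAMP, NOT_YET_VALID, EXPIRED } assertion_check;
/* Accept only the fixed UTC form YYYY-MM-DDThh:mm:ssZ, so that string order
 * equals time order. 'd' in the pattern stands for one digit. */
static int is_utc_stamp(const char *s)
{
    static const char pattern[] = "dddd-dd-ddTdd:dd:ddZ";
    if (s == NULL || strlen(s) != sizeof(pattern) - 1)
        return 0;
    for (size_t i = 0; pattern[i] != '\0'; i++)
        if (pattern[i] == 'd' ? !isdigit((unsigned char)s[i]) : s[i] != pattern[i])
            return 0;
    return 1;
}

/* in_response_to: the assertion's InResponseTo, NULL when absent.
 * pending_request_id: RequestID of the AuthnRequest this SP sent, NULL if none. */
assertion_check check_assertion(const char *in_response_to, const char *pending_request_id,
                                int allow_unsolicited, const char *not_before,
                                const char *not_on_or_after, const char *now)
{
    if (in_response_to == NULL) {             /* sent unilaterally by the IdP */
        if (!allow_unsolicited)
            return UNSOLICITED_REJECTED;
    } else if (pending_request_id == NULL ||  /* present: MUST equal our RequestID */
               strcmp(in_response_to, pending_request_id) != 0) {
        return REQUEST_MISMATCH;
    }
    if (!is_utc_stamp(not_before) || !is_utc_stamp(not_on_or_after) || !is_utc_stamp(now))
        return BAD_TIMESTAMP;
    if (strcmp(now, not_before) < 0)          /* NotBefore is inclusive */
        return NOT_YET_VALID;
    if (strcmp(now, not_on_or_after) >= 0)    /* NotOnOrAfter is exclusive */
        return EXPIRED;
    return ASSERTION_OK;
}

int main(void)
{
    /* Constructed sample values: matching RequestID, inside the validity window. */
    printf("%d\n", check_assertion("_req42", "_req42", 0, "2024-05-01T10:00:00Z",
                                   "2024-05-01T10:05:00Z", "2024-05-01T10:01:00Z"));
    return 0;
}
```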