SAML Assertion
JSON representation of a SAML 2.0 Assertion used for SSO authentication
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the assertion |
| version | string | SAML version |
| issueInstant | string | Timestamp when the assertion was issued |
| issuer | string | Entity ID URI of the identity provider that issued the assertion |
| subject | object | Subject of the assertion: the authenticated user |
| conditions | object | Conditions under which the assertion is valid |
| authnStatement | object | Authentication context and session information |
| attributes | array | User attributes included in the assertion |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/api-evangelist/sso/json-schema/sso-saml-assertion-schema.json",
"title": "SAML Assertion",
"description": "JSON representation of a SAML 2.0 Assertion used for SSO authentication",
"type": "object",
"required": ["issuer", "subject", "conditions"],
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the assertion"
},
"version": {
"type": "string",
"enum": ["2.0"],
"description": "SAML version"
},
"issueInstant": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the assertion was issued"
},
"issuer": {
"type": "string",
"description": "Entity ID URI of the identity provider that issued the assertion"
},
"subject": {
"type": "object",
"description": "Subject of the assertion: the authenticated user",
"required": ["nameId"],
"properties": {
"nameId": {
"type": "string",
"description": "Name identifier for the authenticated user"
},
"nameIdFormat": {
"type": "string",
"description": "URI indicating the format of the NameID",
"examples": [
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
]
},
"subjectConfirmationMethod": {
"type": "string",
"description": "Method used to confirm the subject"
},
"subjectConfirmationData": {
"type": "object",
"properties": {
"notOnOrAfter": {
"type": "string",
"format": "date-time"
},
"recipient": {
"type": "string",
"format": "uri"
},
"inResponseTo": {
"type": "string"
}
}
}
}
},
"conditions": {
"type": "object",
"description": "Conditions under which the assertion is valid",
"properties": {
"notBefore": {
"type": "string",
"format": "date-time",
"description": "Earliest time the assertion is valid"
},
"notOnOrAfter": {
"type": "string",
"format": "date-time",
"description": "Time at or after which the assertion is no longer valid"
},
"audienceRestriction": {
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "List of audience URIs (SP Entity IDs) for which the assertion is intended"
}
}
},
"authnStatement": {
"type": "object",
"description": "Authentication context and session information",
"properties": {
"authnInstant": {
"type": "string",
"format": "date-time",
"description": "When the authentication event occurred"
},
"sessionIndex": {
"type": "string",
"description": "Session index for Single Logout"
},
"sessionNotOnOrAfter": {
"type": "string",
"format": "date-time",
"description": "Time at or after which the authenticated session is no longer valid"
},
"authnContextClassRef": {
"type": "string",
"description": "Authentication context class reference URI",
"examples": [
"urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
]
}
}
},
"attributes": {
"type": "array",
"description": "User attributes included in the assertion",
"items": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"description": "Attribute name"
},
"nameFormat": {
"type": "string",
"description": "Format of the attribute name"
},
"friendlyName": {
"type": "string",
"description": "Human-readable name for the attribute"
},
"values": {
"type": "array",
"items": {
"type": "string"
},
"description": "Attribute values"
}
}
}
}
}
}