2.2.1.6 Assertion Element
The <Assertion> element is specified in [SAMLCore] section 2.3.2. An <Assertion> element defines a SAML token.
[SAMLCore] and [SAMLToken1.1] specify how to parse and validate <Assertion> elements.
If a SAML token is referenced as specified in [SAMLToken1.1] sections 3.4 (ignoring subsections) and 3.4.1, a key identifier reference conforming to section 2.2.1.1 MUST be used.
If a SAML token is present in a <Security> element, a <Signature> element conforming to section 2.2.1.7 MUST be present in the same <Security> element. The <KeyInfo> element of that signature MUST reference the SAML token.
This document overrides the following specifications:
Direct and embedded references as specified in [SAMLToken1.1] section 3.4 are not used.
The ValueType "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID" and the TokenType "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" specified in [SAMLToken1.1] section 3.4 MUST NOT be used.
The NotBefore and NotOnOrAfter attributes as specified in [SAMLCore] section 2.3.2.1.1 MAY be omitted.
The MajorVersion and MinorVersion attributes as specified in [SAMLCore] section 2.3.2 MUST be present and MUST both have a value of "1".
A <Signature> element as specified in [SAMLCore] section 5.4 and conforming to section 2.2.1.7 MUST be present.
A <SubjectConfirmation> element conforming to section 2.2.1.6.1 MUST be present.
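The constraints in this section can be checked structurally before any cryptographic verification. The following Python sketch is an added example and is not part of this specification. It assumes the key identifier of section 2.2.1.1 carries the token's AssertionID value and uses the standard WS-Security, XML-DSig and SAML 1.x namespace URIs; the function names and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#"
FORBIDDEN = {PROFILE + "SAMLID", PROFILE + "SAMLV2.0"}  # URIs this section rules out

def check_security_header(security):
    """Structural check only: returns violations, verifies no signature cryptographically."""
    problems = []
    # Header-level signatures are direct children of <Security>, not the one inside the token.
    key_infos = security.findall("ds:Signature/ds:KeyInfo", NS)
    key_ids = {(k.text or "").strip() for ki in key_infos
               for k in ki.iterfind(".//wsse:KeyIdentifier", NS)}
    for ki in key_infos:
        if any(ki.find(f".//wsse:{t}", NS) is not None for t in ("Reference", "Embedded")):
            problems.append("direct or embedded reference used instead of a key identifier")
    for el in security.iter():
        if FORBIDDEN & set(el.attrib.values()):
            problems.append("forbidden ValueType/TokenType URI present")
    for a in security.findall("saml:Assertion", NS):
        aid = a.get("AssertionID")
        if (a.get("MajorVersion"), a.get("MinorVersion")) != ("1", "1"):
            problems.append(f"{aid}: MajorVersion/MinorVersion must both be 1")
        if a.find("ds:Signature", NS) is None:
            problems.append(f"{aid}: assertion is not signed")
        if a.find(".//saml:SubjectConfirmation", NS) is None:
            problems.append(f"{aid}: no SubjectConfirmation")
        # Assumption: the key identifier text equals the AssertionID (section 2.2.1.1 not shown here).
        if aid not in key_ids:
            problems.append(f"{aid}: no header Signature KeyInfo references this token")
    return problems

def build_sample(major="1", signed=True, key_id="_a1"):
    """Constructed <Security> element for exercising the check; signatures are empty stubs."""
    sig = "<ds:Signature/>" if signed else ""
    return ET.fromstring(
        f'<wsse:Security xmlns:wsse="{NS["wsse"]}" xmlns:ds="{NS["ds"]}" xmlns:saml="{NS["saml"]}">'
        f'<saml:Assertion AssertionID="_a1" MajorVersion="{major}" MinorVersion="1">'
        f'<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation/>'
        f'</saml:Subject></saml:AuthenticationStatement>{sig}</saml:Assertion>'
        f'<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>'
        f'<wsse:KeyIdentifier>{key_id}</wsse:KeyIdentifier>'
        f'</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>')
```

A header that passes this check still needs both signatures verified; the check only rejects messages that cannot conform, and it does not enforce NotBefore or NotOnOrAfter because this section allows them to be omitted.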