Examine has a SAML 1.1 token generator tool that can be used to hand-craft a SAML 1.1 Assertion. While this is usually not the way SAML assertions are generated or issued, it does provide an easy and quick way to create a SAML 1.1 token.

The SAML 1.1 Token Generator tool is accessible from the Tools->SAML menu tab. The main configuration view is as shown below:


Important

For more information on SAML 1.1, refer to the specification set here: http://www.oasis-open.org/standards#samlv1.1

A SAML Assertion is a collection of information that includes one or more statements about a subject made by a SAML authority. In SAML 1.1, the Assertion can hold one or more statements that correspond to the subject. However, since the Subject information is common to the statements, this tool allows you to specify the Subject information once and have that applied to the different statements added to the assertion.

The main configuration fields are:

Assertion ID

This field corresponds to the SAML 1.1 AssertionID attribute. It represents the identifier for this Assertion and is of type xsd:ID.

Issuer Name

This field corresponds to the SAML authority that created the assertion. The issuer name should be unambiguous to the intended relying parties.

Issue Instant

The time instant when this Assertion was created/issued.

Every SAML Assertion usually contains one or more of the following kinds of Statements about a Subject:

Attribute Statement
Authentication Statement
Authorization Decision Statement

To add one or more of the above Statements to the Assertion, switch to the Statements tab.

Attribute Statements

To add a new Attribute Statement, click on the Attribute link to add a new tab that represents the statement. Click on the Add Attribute button to open the Add Attribute dialog where you can specify the name, value and the namespace of the attribute as shown below:


Clicking OK adds a new Attribute to the Attribute Statement as shown below:


Authentication Statement

To add one or more Authentication Statements to the Assertion, click on the Authentication button to add a new tab that represents the Statement as shown below:


Each Authentication Statement consists of the Authentication method used to authenticate the Subject, the time at which the authentication took place and information about the locality of the Subject.

Authorization Decision Statement

To add an <AuthorizationDecisionStatement/> element to the Assertion, click on the Authorization Decision button and configure the request URI and decision information as shown below:


The Decision Type value can be one of:

To add one or more <Action/> elements click on the Action button to select the Namespace of the Action and the Content for the Action (string data).

To add an <Evidence/> element that holds either a <AssertionIDReference/> or an <Assertion/> element, click on the Evidence button and select either the Assertion or Assertion ID Reference buttons to specify the respective values.
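The fields and statements described above map onto the SAML 1.1 assertion XML as in the following added example, which is not produced by Examine and is not the tool's own code. It builds an unsigned assertion with one statement of each kind, copies the Subject into every statement, and rejects an AssertionID that is not a valid xsd:ID; the issuer, subject, attribute, resource and evidence values are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace
ET.register_namespace("saml", SAML)
# Simplified xsd:ID (NCName) check: ASCII only, no leading digit, no colon.
NCNAME = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*")

def q(tag):
    return "{%s}%s" % (SAML, tag)

def add_subject(statement, name_id):
    # SAML 1.1 carries the Subject inside each statement, so it is repeated.
    subject = ET.SubElement(statement, q("Subject"))
    ET.SubElement(subject, q("NameIdentifier")).text = name_id

def build_assertion(assertion_id, issuer, issue_instant, name_id):
    if not NCNAME.fullmatch(assertion_id):
        raise ValueError("AssertionID must be a valid xsd:ID")
    a = ET.Element(q("Assertion"), {
        "MajorVersion": "1", "MinorVersion": "1", "AssertionID": assertion_id,
        "Issuer": issuer, "IssueInstant": issue_instant})
    # Attribute, locality, resource and evidence values below are constructed.
    authn = ET.SubElement(a, q("AuthenticationStatement"), {
        "AuthenticationMethod": "urn:oasis:names:tc:SAML:1.0:am:password",
        "AuthenticationInstant": issue_instant})
    add_subject(authn, name_id)
    ET.SubElement(authn, q("SubjectLocality"), {"IPAddress": "192.0.2.10"})
    attrs = ET.SubElement(a, q("AttributeStatement"))
    add_subject(attrs, name_id)
    attr = ET.SubElement(attrs, q("Attribute"), {
        "AttributeName": "role", "AttributeNamespace": "urn:example:attributes"})
    ET.SubElement(attr, q("AttributeValue")).text = "auditor"
    authz = ET.SubElement(a, q("AuthorizationDecisionStatement"), {
        "Resource": "https://sp.example.org/reports", "Decision": "Permit"})
    add_subject(authz, name_id)
    ET.SubElement(authz, q("Action"), {
        "Namespace": "urn:oasis:names:tc:SAML:1.0:action:rwedc"}).text = "Read"
    evidence = ET.SubElement(authz, q("Evidence"))
    ET.SubElement(evidence, q("AssertionIDReference")).text = "_constructed-prior-id"
    return a

if __name__ == "__main__":
    tok = build_assertion("_a1b2c3", "https://idp.example.org",
                          "2024-01-01T00:00:00Z", "alice@example.org")
    print(ET.tostring(tok, encoding="unicode"))
```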
