Identified by type="Bearer", this rule allows a SAML 2.0 assertion with the "bearer" subject confirmation method to be accepted when possible. It is normally not used explicitly: the rule is applied automatically to any policy running inside an AssertionConsumerService that implements a SAML 2.0 profile making use of this confirmation type.
Attributes
Name | Type | Default | Description |
---|---|---|---|
checkValidity | boolean | true | When true, the enclosed |
checkRecipient | boolean | true | When true, and the URL to which the assertion was submitted is available, the <SubjectConfirmationData> element's Recipient attribute is checked against that value. If no attribute is present, this setting has no effect. |
checkCorrelation | boolean | true | When true, and the identifier of a request to which the assertion was submitted as a response is available, the <SubjectConfirmationData> element's InResponseTo attribute is checked against that value. If no attribute is present, this setting has no effect. |
missingFatal | boolean | true | When true, the absence of an acceptable <SubjectConfirmation> element is treated as a fatal error. Otherwise, the rule signals nothing was found but does not fail. Can be set to allow for stacking of rules based on multiple confirmation methods. |
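The table above describes the rule's checks declaratively. The following is an added example, not code from the Shibboleth project or from this page, that implements the same decision logic in Python over a constructed SAML 2.0 assertion, so each attribute's effect can be exercised directly. The four dataclass fields carry the rule's attribute names; the `clock_skew` field, the `parse_saml_time` and `evaluate` helpers, and the sample assertion are all this example's own. Because the page's description of checkValidity is cut off, the validity check here is assumed from the SAML 2.0 bearer profile: NotBefore and NotOnOrAfter on <SubjectConfirmationData> are compared against the current time, with a small skew allowance. Signature verification and other policy rules are out of scope; this only decides whether a bearer confirmation is acceptable.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


@dataclass
class BearerRule:
    """The rule's four attributes as described on the page; clock_skew is an
    assumed extra knob (the page does not mention one)."""
    checkValidity: bool = True
    checkRecipient: bool = True
    checkCorrelation: bool = True
    missingFatal: bool = True
    clock_skew: timedelta = timedelta(seconds=180)


def parse_saml_time(value: str) -> datetime:
    """Parse an xs:dateTime such as 2024-05-01T12:05:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate(rule, assertion_xml, recipient_url=None, request_id=None, now=None):
    """Apply the bearer rule to one assertion.

    Returns (decision, reasons): "accept" if some bearer SubjectConfirmation
    passed every enabled check; "fail" if none did and missingFatal is set;
    "skip" if none did but missingFatal is off, i.e. the rule reports that
    nothing was found without failing, so a rule for another confirmation
    method may still be tried. 'reasons' lists why each candidate was rejected.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    subject = root.find("saml:Subject", SAML_NS)
    confirmations = [] if subject is None else subject.findall("saml:SubjectConfirmation", SAML_NS)
    reasons = []

    for sc in confirmations:
        if sc.get("Method") != BEARER_METHOD:
            reasons.append(f"ignored non-bearer method {sc.get('Method')}")
            continue
        data = sc.find("saml:SubjectConfirmationData", SAML_NS)
        attrs = {} if data is None else dict(data.attrib)

        # Assumed validity-window check (NotBefore / NotOnOrAfter), skew-tolerant.
        if rule.checkValidity:
            nb = attrs.get("NotBefore")
            if nb and now + rule.clock_skew < parse_saml_time(nb):
                reasons.append(f"not yet valid (NotBefore={nb})")
                continue
            noa = attrs.get("NotOnOrAfter")
            if noa and now - rule.clock_skew >= parse_saml_time(noa):
                reasons.append(f"expired (NotOnOrAfter={noa})")
                continue

        # Recipient must match the URL the assertion was submitted to, but only
        # when that URL is known and the attribute is present (per the table).
        if rule.checkRecipient and recipient_url and "Recipient" in attrs:
            if attrs["Recipient"] != recipient_url:
                reasons.append(f"Recipient {attrs['Recipient']} != {recipient_url}")
                continue

        # InResponseTo must match the outstanding request ID, same conditions.
        if rule.checkCorrelation and request_id and "InResponseTo" in attrs:
            if attrs["InResponseTo"] != request_id:
                reasons.append(f"InResponseTo {attrs['InResponseTo']} != {request_id}")
                continue

        return "accept", reasons

    return ("fail" if rule.missingFatal else "skip"), reasons


# Constructed sample assertion; identifiers and URLs are placeholders.
ACS_URL = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_assertion1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>user@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.org/Shibboleth.sso/SAML2/POST"
          InResponseTo="_req123" NotOnOrAfter="2024-05-01T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    fixed_now = parse_saml_time("2024-05-01T12:01:00Z")
    print(evaluate(BearerRule(), SAMPLE_ASSERTION, ACS_URL, "_req123", fixed_now))
    print(evaluate(BearerRule(), SAMPLE_ASSERTION, "https://other.example.org/acs", "_req123", fixed_now))
    print(evaluate(BearerRule(missingFatal=False), SAMPLE_ASSERTION, ACS_URL, "_req123",
                   parse_saml_time("2024-05-01T12:10:00Z")))
```

Note that a mismatched Recipient or InResponseTo only rejects that one <SubjectConfirmation>; the loop moves on to the next candidate, which is why the distinction between "fail" and "skip" is made after the loop, matching the missingFatal description.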
Example
<TBD/>