10

If I interpret the SAML 2.0 protocol correctly, you can have multiple AuthnStatements. What is the purpose of this? I cannot really see a use case for having multiple AuthnStatements.

Robert
  • 233
  • 1
  • 6

2 Answers

1

As per SAML 2.0 specifications, an authentication statement specifies that the assertion subject was authenticated by a particular means at a particular time.

One of the use cases with some IDPs is when multi-factor authentication has been performed. In that case, each authentication statement specifies one step in the authentication process. For example:

  1. AuthnStatement one - Subject was authenticated via password at 12:34:35
  2. AuthnStatement two - Subject was authenticated via OTP/Biometric at 12:34:56

SAML 2.0 has a vast set of features, but not every implementation supports all of them. Most implementations support only a single authentication statement, which covers a major use case.

Karan Bansal
  • 258
  • 1
  • 2
  • 7
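How a service provider could read the two-statement assertion described in this answer, as an added example (not part of the original answer or of any IdP's code). The sample assertion, its issuer, date and session index are constructed, `mfa_satisfied` is a hypothetical policy helper, and the code assumes the assertion's signature has already been verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:35:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2024-01-01T12:34:35Z" SessionIndex="_s1">
    <saml:AuthnContext><saml:AuthnContextClassRef>{AC}Password</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AuthnStatement AuthnInstant="2024-01-01T12:34:56Z" SessionIndex="_s1">
    <saml:AuthnContext><saml:AuthnContextClassRef>{AC}TimeSyncToken</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

def authn_statements(assertion_xml):
    """Return [(class_ref, authn_instant)] for every AuthnStatement, in document order."""
    # Assumption: signature already verified; use a hardened XML parser for untrusted input.
    root = ET.fromstring(assertion_xml)
    out = []
    for stmt in root.findall("saml:AuthnStatement", NS):
        ref = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef",
                            default="", namespaces=NS).strip()
        # Simplification: accepts only whole-second UTC timestamps ("...Z").
        instant = datetime.strptime(stmt.get("AuthnInstant"),
                                    "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append((ref, instant))
    return out

def mfa_satisfied(assertion_xml, required, max_gap=timedelta(minutes=5)):
    """True only if every required class is present and the steps lie within max_gap."""
    stmts = authn_statements(assertion_xml)
    if not set(required) <= {ref for ref, _ in stmts}:
        return False  # a required factor has no AuthnStatement
    times = [t for ref, t in stmts if ref in required]
    return not times or max(times) - min(times) <= max_gap

if __name__ == "__main__":
    for ref, instant in authn_statements(SAMPLE):
        print(instant.isoformat(), ref)
    print(mfa_satisfied(SAMPLE, {AC + "Password", AC + "TimeSyncToken"}))
```

An SP that reads only the first AuthnStatement would see just the password step here, so a policy that depends on the second factor has to iterate over all of them.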
-1

Perhaps this easily googled answer regarding the assertions of the SAML spec is what you want: https://en.wikipedia.org/wiki/SAML_2.0#SAML_2.0_Assertions

jas-
  • 931
  • 5
  • 9