If I interpret the SAML 2.0 protocol correctly, you can have multiple AuthnStatements. What is the purpose of this? I cannot really see a use case for having multiple AuthnStatements.
2 Answers
1
As per SAML 2.0 specifications, an authentication statement specifies that the assertion subject was authenticated by a particular means at a particular time.
One of the use cases with some IdPs is when multi-factor authentication has been performed. In that case, each authentication statement specifies one step in the authentication process. For example:
- AuthnStatement one - Subject was authenticated via password at 12:34:35
- AuthnStatement two - Subject was authenticated via OTP/Biometric at 12:34:56
SAML 2.0 has a vast set of features, but not every implementation supports all of them. Most implementations support only a single authentication statement, which covers the major use case.
Karan Bansal
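The two-step case described in the answer above, as an added example that is not part of the original answer or of any SAML library: a service-provider-side check that reads every AuthnStatement instead of only the first. The function names, the sample assertion (constructed, unsigned, with a made-up date and issuer), the context class URIs chosen for each step and the 300-second window are assumptions; signature and condition validation are assumed to have already succeeded.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: password at 12:34:35, then OTP at 12:34:56 (date is made up).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2015-11-02T12:34:57Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2015-11-02T12:34:35Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AuthnStatement AuthnInstant="2015-11-02T12:34:56Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def authn_steps(assertion_xml):
    """Return [(AuthnInstant, AuthnContextClassRef)] for every AuthnStatement, oldest first."""
    root = ET.fromstring(assertion_xml)
    steps = []
    for stmt in root.findall("saml:AuthnStatement", NS):
        instant = datetime.strptime(stmt.attrib["AuthnInstant"], "%Y-%m-%dT%H:%M:%SZ")
        ref = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef",
                            default="", namespaces=NS)
        steps.append((instant, ref.strip()))
    return sorted(steps)


def meets_policy(steps, required, max_gap_seconds=300):
    """True if every required context class was asserted and all steps fall in one window."""
    seen = {ref for _, ref in steps}
    if not steps or not required <= seen:
        return False
    return (steps[-1][0] - steps[0][0]).total_seconds() <= max_gap_seconds


if __name__ == "__main__":
    for when, ref in authn_steps(SAMPLE):
        print(when.time(), ref)
```

A consumer that inspects only the first AuthnStatement would see the password step alone and could not tell that a second factor was used.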
-1
Perhaps this easily googled answer regarding the assertions of the SAML spec is what you want: https://en.wikipedia.org/wiki/SAML_2.0#SAML_2.0_Assertions
jas-
- It would be great if you could expand on this answer. – Neil Smithline Nov 02 '15 at 04:57
- Is there any chance you could expand even further? I'm not following you at all really. – Robert Nov 03 '15 at 09:20