An assertion is a package of information that supplies one or more statements made by a SAML authority. SAML defines three different kinds of assertion statement that can be created by a SAML authority:
Authentication: The specified subject was authenticated by a particular means at a particular time. This kind of statement is typically generated by a SAML authority called an identity provider, which is in charge of authenticating users and keeping track of other information about them.
Attribute: The specified subject is associated with the supplied attributes.
Authorization decision: A request to allow the specified subject to access the specified resource has been granted or denied.
An assertion consists of one or more statements. For single sign-on, a typical SAML assertion will contain a single authentication statement and possibly a single attribute statement. Note that a SAML response could contain multiple assertions, although it is more typical to have a single assertion within a response.
The outer structure of an assertion is generic, providing information that is common to all of the statements within it. Within an assertion, a series of inner elements describe the authentication, attribute, authorization decision, or user-defined statements containing the specifics.
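The outer/inner split described above can be seen by walking a response and listing, per assertion, the common outer fields and the statements inside it. This is an added example, not code from the original text; it only parses, and a relying party must still verify the XML signature before trusting any field. Assumptions: SAML 2.0 element and namespace names, a constructed unsigned sample, and the hypothetical helpers `summarize_response` and `is_typical_sso_shape`.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces (assumption: the text does not name a SAML version).
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample response; every value in it is illustrative.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
    <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:58Z"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="role"><saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def summarize_response(xml_text):
    """One dict per assertion: outer common fields plus its inner statements."""
    assertions = []
    for a in ET.fromstring(xml_text).findall("saml:Assertion", NS):
        statements = []
        for s in a.findall("saml:AuthnStatement", NS):
            statements.append(("authentication", s.get("AuthnInstant")))
        for s in a.findall("saml:AttributeStatement", NS):
            attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
                     for at in s.findall("saml:Attribute", NS)}
            statements.append(("attribute", attrs))
        for s in a.findall("saml:AuthzDecisionStatement", NS):
            statements.append(("authorization decision", (s.get("Resource"), s.get("Decision"))))
        assertions.append({
            "id": a.get("ID"),
            "issuer": a.findtext("saml:Issuer", namespaces=NS),
            "issue_instant": a.get("IssueInstant"),
            "subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "statements": statements,
        })
    return assertions

def is_typical_sso_shape(assertions):
    """Hypothetical check: one assertion, one authentication statement,
    at most one attribute statement (the 'typical' SSO case in the text)."""
    if len(assertions) != 1:
        return False
    kinds = [kind for kind, _ in assertions[0]["statements"]]
    return kinds.count("authentication") == 1 and kinds.count("attribute") <= 1
```

A response that carries more than one assertion, or an assertion with several authentication statements, makes `is_typical_sso_shape` return False, which is a useful point at which to log the response for review.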