What is a SAML response?

The SAML response is the entire XML object returned to the SP from the IdP. The SAML response contains the SAML assertion in its contents.

What keys does a SAML response have that don’t go into the assertion?

While many fields in a SAML response may also be present in the SAML assertion, there are some elements and attributes that are typically found only in the response. These elements are often related to the overall communication between the identity provider (IdP) and the service provider (SP) and may provide additional context or metadata about the authentication process. Here are some fields commonly found in a SAML response:

InResponseTo: Indicates the ID of the SAML request to which this response corresponds. This helps the SP correlate the response with the original request.

Destination: Specifies the URL of the SP endpoint where the response should be sent. This ensures that the response is delivered to the correct location.

Issuer: Identifies the entity that issued the SAML response, which may or may not be the same as the IdP that issued the SAML assertion.

IssueInstant: Specifies the date and time when the response was issued.

Status: Indicates the overall status of the authentication process, including whether it was successful or failed.

StatusMessage: Provides additional information about the status of the response, such as error messages or explanations for why authentication failed.

Assertion: Contains the SAML assertion(s) issued by the IdP. While the assertions are typically included in the response, they are separate from the response itself and are encapsulated within the Assertion element.

Signature: Similar to the assertion, the response may also include a digital signature to ensure its integrity and authenticity.

Extensions: Optionally, the response may include extension elements to convey additional metadata or custom information relevant to the authentication process.
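The response-level fields listed above, read from a constructed SAML 2.0 response and checked the way an SP would before looking at the assertion. This is an added example, not code from the original page or from VTS; the function names, sample IDs and URLs are assumptions, and signature verification is not performed here.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:"
NS = {"samlp": P + "protocol", "saml": P + "assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = P + "status:Success"

# Constructed sample: IDs, URLs and issuer are placeholders, not real values.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-01-01T12:00:00Z" InResponseTo="_req42"
    Destination="https://sp.example.test/acs">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1"><saml:Issuer>inner-issuer</saml:Issuer></saml:Assertion>
</samlp:Response>"""

def response_fields(xml_text):
    """Return response-level fields only; nothing is read from inside the assertion."""
    root = ET.fromstring(xml_text)  # untrusted input needs a hardened XML parser
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    return {
        "InResponseTo": root.get("InResponseTo"),
        "Destination": root.get("Destination"),
        "Issuer": root.findtext("saml:Issuer", namespaces=NS),  # direct child only
        "StatusCode": code.get("Value") if code is not None else None,
        "StatusMessage": root.findtext("samlp:Status/samlp:StatusMessage", namespaces=NS),
        "Signed": root.find("ds:Signature", NS) is not None,  # presence, not validity
        "Assertions": len(root.findall("saml:Assertion", NS)),
    }

def check_response(xml_text, expected_request_id, acs_url):
    """Return reasons to reject the envelope; pass None as the request ID for IdP-initiated SSO."""
    f, problems = response_fields(xml_text), []
    if f["InResponseTo"] != expected_request_id:
        problems.append("InResponseTo does not match the request that was sent")
    if f["Destination"] != acs_url:
        problems.append("Destination is not this SP's endpoint")
    if f["StatusCode"] != SUCCESS:
        problems.append("Status is not Success: %s" % f["StatusMessage"])
    if f["Assertions"] != 1:
        problems.append("expected exactly one Assertion")
    return problems
```

In the XML itself, the status value is carried by a StatusCode element inside Status, and StatusMessage is an optional sibling of StatusCode.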

Why are there two IdP options in Activate?

VTS supports IdP-initiated SAML through Lane or Auth0 as the IdP. All integrations will be migrated to using Auth0 as the IdP in early 2025, but this will not require any changes for Activate users.

