When planning an upgrade of Policy Server to 12.8SP8CR01, what will the SAML assertion look like?
According to the documentation, the SAML assertion has two different formats between versions 12.8SP5 and 12.8SP7 (1)(2).
The JAXB library that is used in Release 12.8.05 has introduced the
following XML structural differences in a SAML 2.0 response:
- Namespace differences in XML elements
- Time stamp is logged in milliseconds
- Attribute Value has the type attribute
- Change in the order of the XML tag attributes in a response
<!-- Sample SAML 2.0 Response. Every "<value>" is a redaction placeholder, so the listing is illustrative and is not well-formed XML as printed. -->
<!-- Protocol elements (Response, Status, StatusCode) sit in the default namespace; assertion elements use the generated prefixes ns1 and ns2, both bound to urn:oasis:names:tc:SAML:2.0:assertion. A consumer that matches on prefix text or attribute order, instead of namespace URI and local name, is the kind of integration to re-test after the upgrade. -->
<!-- In this sample the timestamps have second precision (no milliseconds) and AttributeValue carries no type attribute. -->
<!-- No Signature element appears directly under Response here: only the Assertion is signed, so Destination, Status and the Response ID are not covered by a signature in this sample. -->
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://sp.example.com/affwebservices/public/saml2assertionconsumer" ID="<value>" IssueInstant="2024-11-04T16:03:16Z" Version="2.0">
<ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
linuxidp
</ns1:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</Status>
<!-- The Assertion carries the enveloped signature below. A relying party should take identity data only from the element that the signature's Reference resolves to, and reject a message whose Reference URI does not match the ID of the assertion it consumes. -->
<ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="<value>" IssueInstant="2024-11-04T16:03:16Z" Version="2.0">
<ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">linuxidp</ns2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<!-- Exclusive canonicalization is applied before digesting, so prefix and attribute-order differences are handled by a conforming verifier. -->
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<!-- SignatureMethod here is RSA-SHA1 and DigestMethod below is SHA-1. SHA-1 is deprecated for signatures. NOTE(review): check whether the partnership's signing algorithm can be moved to an SHA-256 variant and whether the SP accepts it. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#<value>">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>
<value>
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
<value>
</ds:SignatureValue>
<!-- The signing certificate is sent inside the message. It indicates which key was used; trust should come from the certificate already configured for this IdP at the SP, never from this embedded copy alone. -->
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
<value>
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<ns2:Subject>
<ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
<value>
</ns2:NameID>
<!-- Bearer confirmation: whoever presents the assertion is accepted as the subject, so the SP should enforce Recipient and NotOnOrAfter and refuse an assertion ID it has already seen. No InResponseTo attribute appears in this sample. -->
<ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns2:SubjectConfirmationData NotOnOrAfter="2024-11-04T17:04:16Z" Recipient="https://sp.example.com/affwebservices/public/saml2assertionconsumer"/>
</ns2:SubjectConfirmation>
</ns2:Subject>
<!-- Validity window in this sample: NotBefore is one hour before IssueInstant (16:03:16Z) and NotOnOrAfter is 61 minutes after it. NOTE(review): presumably driven by the partnership's validity and skew settings; confirm, since a shorter window narrows replay exposure. -->
<ns2:Conditions NotBefore="2024-11-04T15:03:16Z" NotOnOrAfter="2024-11-04T17:04:16Z">
<!-- The SP should accept the assertion only when Audience equals its own entity ID. -->
<ns2:AudienceRestriction>
<ns2:Audience>
<value>
</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
<!-- SessionNotOnOrAfter bounds the session the SP may create from this assertion; here it equals the Conditions NotOnOrAfter value. -->
<ns2:AuthnStatement AuthnInstant="2024-11-04T16:03:15Z" SessionIndex="<value>" SessionNotOnOrAfter="2024-11-04T17:04:16Z">
<ns2:AuthnContext>
<ns2:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:Password
</ns2:AuthnContextClassRef>
</ns2:AuthnContext>
</ns2:AuthnStatement>
<!-- Two attributes are released (cn, location). They sit inside the signed Assertion, so authorization decisions based on them depend on the signature check above succeeding first. -->
<ns2:AttributeStatement>
<ns2:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>
<value>
</ns2:AttributeValue>
</ns2:Attribute>
<ns2:Attribute Name="location" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>
<value>
</ns2:AttributeValue>
</ns2:Attribute>
</ns2:AttributeStatement>
</ns2:Assertion>
</Response>