Q: 11
Which SAML component defines the content of data transferred from an IdP to a service provider?
Options
Discussion
Option B is right. The assertion carries the actual data like authentication statements between IdP and service provider, so it defines the content itself. Protocol and binding are more about how it's delivered, not what's inside. Unless I'm missing something, B fits best.
Don't think it's protocol or binding. Those handle transport and encapsulation, not the content itself. Assertion (B) is what actually contains the user info transported from IdP to SP. Profiles can look tempting, but they just standardize use cases. I've seen similar in practice material, so I'm pretty sure B is best.
For me, B. Had something like this in a mock, and assertion defines what's actually sent from the IdP to the SP.
Be respectful. No spam.
