Configuration Guides › Policy Server Configuration Guide › Authentication Schemes › SAML Session Ticket Authentication › How Signing Assertions Affects SAML Session Ticket Authentication

How Signing Assertions Affects SAML Session Ticket Authentication

If the TXM_Sign_Assertion variable is used to sign an assertion, the SAML Session Ticket authentication scheme behaves as follows:

• If the authentication scheme does not require a signed document, all signatures are ignored.
• If the authentication scheme does require a signed document, the following must be true:
  • The document must be signed and the signature must be valid.
  • If the assertion is signed, it must also be valid.
  • If only the assertion is signed but the document is not, the document is invalid.