Skip Navigation

Assertion Validation

To ensure security, validation of the SAML assertion on the server side is required.

Assertion validation can be done using one of the following ways:

  • Manual validation

  • Service validation

Manual validation

You can validate the assertion on your own instead of calling Sabre’s validation service. To do so, you will need to use Sabre’s certificate, which is provided when the Single Sign-On boarding procedure is finished, and any library supporting SAML like OpenSAML.

Service validation

To validate assertion the Validate SSO Token service should be used.

The service accepts a token and validates it. If the token is valid, the service returns the session and user information associated with the token. The service should be used by service providers to validate assertions against the Sabre Red 360 Identity Provider’s public key.

The assertion will be valid for 60 seconds, so if you try to validate it after this time, the validation service will return an error.