•Sometimes an IdP will
create a new assertion when
invoked by a request from a SP.
–Example: if a
SP issues an AuthnRequest with ForceAuthn="true"
then the IdP must create a new assertion
(he cannot simply return an existing assertion).
•Sometimes a SP simply
wants an existing assertion.
•The following slides
show the ways a SP can issue a
request for an existing assertion.