The SAML Verification policy verifies the incoming messages carrying an SAML token and also denies permission if the conditions set in the SAML Verification Policy configuration do not match. Various variables can be set which are explained in the sections below.


The properties that have to be configured to use the policy are described below.


The target of the policy. Valid values are

  • Body
  • Query
  • Header
Assertion Element Path

An XPath element that indicates the element on the inbound XML document from which the policy can extract the SAML assertion.

Remove SAML Assertion

Enable this to remove the SAML assertion from the request message before the message is forwarded to the backend service.

Ignore if SAML Not Present

Enable this to treat messages as XML, irrespective of the Content-type.


By default, the assertion will not be generated if the content type of the message is not an XML Content-Type

VerifyEnable this is KeyStore configuration is required.

Key Store Configuration

Adaptavist ThemeBuilder EngineAtlassian Confluence