3.1.1.1 Security Token

The primary protocol data unit transported by this protocol is a security token constructed as a subset of the SAML 1.1 assertion element syntax, as specified in section 2.2.4.2. Because this is the only security token format supported by this protocol, no abstract data model is introduced to represent a security token. Throughout section 3, wherever it is necessary to discuss internal constructs of a security token, the SAML terminology from section 2.2.4.2 will be used. For further specification, see [SAMLCore].

If a security token returned by this protocol is not formatted as required in section 2.2.4.2, the relying party MUST return an HTTP 1.1 status code 500 server error to the web browser requestor.
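The following sketch, an added example and not part of the specification, shows a relying party failing closed with status code 500 when a token is not a well-formed SAML 1.1 assertion. It assumes the assertion has already been extracted from the sign-in response, checks only the attributes that [SAMLCore] requires on the assertion element (not the full subset defined in section 2.2.4.2, signature validation, or conditions), and uses the hypothetical names `parse_assertion` and `handle_token`.

```python
import xml.etree.ElementTree as ET

SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.1 assertion namespace
REQUIRED_ATTRS = ("MajorVersion", "MinorVersion", "AssertionID", "Issuer", "IssueInstant")

class MalformedToken(Exception):
    """The token is not a well-formed SAML 1.1 assertion."""

def parse_assertion(raw: bytes) -> ET.Element:
    """Parse the token bytes; raise MalformedToken on any structural problem."""
    try:
        text = raw.decode("utf-8")  # assumption: tokens are UTF-8 encoded
        if "<!DOCTYPE" in text:
            # An assertion never needs a DTD; refuse it before parsing.
            raise MalformedToken("DTD not allowed")
        root = ET.fromstring(text)
    except (UnicodeDecodeError, ET.ParseError) as exc:
        raise MalformedToken("not well-formed XML") from exc
    if root.tag != f"{{{SAML11_NS}}}Assertion":
        raise MalformedToken("root is not a SAML 1.1 Assertion")
    missing = [a for a in REQUIRED_ATTRS if not root.get(a)]
    if missing:
        raise MalformedToken("missing attributes: " + ", ".join(missing))
    if (root.get("MajorVersion"), root.get("MinorVersion")) != ("1", "1"):
        raise MalformedToken("not SAML version 1.1")
    return root

def handle_token(raw: bytes):
    """Return (HTTP status, body) for the web browser requestor."""
    try:
        assertion = parse_assertion(raw)
    except MalformedToken:
        # Generic body: parser detail stays in server logs, not in the response.
        return 500, "Internal Server Error"
    # Illustration only: a real relying party continues with signature and
    # condition checks before trusting anything in the assertion.
    return 200, assertion.get("Issuer")

# Constructed sample tokens (identifiers and issuer are made up).
GOOD = (b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
        b'MajorVersion="1" MinorVersion="1" AssertionID="_constructed-id" '
        b'Issuer="urn:example:issuer" IssueInstant="2024-01-01T00:00:00Z"/>')
NO_ISSUER = GOOD.replace(b'Issuer="urn:example:issuer" ', b"")
SAML2_NS = GOOD.replace(b"SAML:1.0:assertion", b"SAML:2.0:assertion")
WITH_DTD = b"<!DOCTYPE x [<!ENTITY e 'v'>]>" + GOOD
TRUNCATED = GOOD[:40]

if __name__ == "__main__":
    for name in ("GOOD", "NO_ISSUER", "SAML2_NS", "WITH_DTD", "TRUNCATED"):
        print(name, handle_token(globals()[name]))
```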