2.2.3.1 SAML Advice Elements

ClaimSource (optional): A Uniform Resource Identifier (URI) identifying a requestor IP/STS or other authentication service (such as a local account store) that is the source of the claims in the security token. The content is of type any URI (as specified in [XMLSCHEMA2] section 3.2.17).

CookieInfoHash (optional): A base64-encoded implementation-specific hash value. The content is of type base64Binary (as specified in [XMLSCHEMA2] section 3.2.16).<6>

WindowsUserIdentifier (optional): A SID identifying the subject of the SAML assertion. The content is of type string (as specified in [XMLSCHEMA2] section 3.2.1) and MUST follow the restrictions for the string representation of a SID, as specified in [MS-DTYP] section 2.4.2).

WindowsUserName (optional): A user name associated with the subject of the SAML assertion. The content is of type string (as specified in [XMLSCHEMA2] section 3.2.1) and MUST be of the form "DOMAIN\user name".<7>

WindowsIdentifiers (optional): A base64-encoded binary structure that defines a set of SIDs that identify the subject of the SAML assertion and a set of flags that specify the use of the SIDs. The content is of type base64Binary (as specified in [XMLSCHEMA2] section 3.2.16), and the binary data MUST be structured as specified in WindowsIdentifiers Binary Structure (section 2.2.3.2).