An Assertion Consumer Service (or ACS) is SAML terminology for the location at a ServiceProvider that accepts <samlp:Response> messages (or SAML artifacts) for the purpose of establishing a session based on an assertion. It refers to an HTTP resource (often a virtual one) on a web site that processes SAML protocol messages and returns a cookie representing the information extracted from the message.

In the Shibboleth SP, Assertion Consumer Services are implemented as handlers. All SP software has some notion of an ACS but vendors will often refer to them by made-up or bastardized names like "SAML processor" or "response location" or "POST endpoint".

For the protection of the user, the valid Assertion Consumer Service location(s) associated with an SP are generally registered in metadata so that they can be checked by the IdP. This helps to prevent the delivery of personal information to unauthorized parties.

A typical ACS in the Shibboleth SP might look like https://sp.example.org/Shibboleth.sso/SAML2/POST

Non-Shibboleth software features a wide range of different-looking ACS locations, and you cannot count on any given pattern among them; you have to get the information from the owner of the system.
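The metadata check described above can be sketched as follows. This is an added example, not code from Shibboleth or any IdP; the metadata document, the entityID and the function names `registered_acs` and `resolve_acs` are constructed for illustration. It shows an IdP-side lookup that only ever delivers a response to an ACS location registered in the SP's metadata.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

# Constructed sample metadata for a hypothetical SP (entityID is an assumption).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" isDefault="true" Binding="{POST}"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2" Binding="{ARTIFACT}"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/Artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def registered_acs(metadata_xml):
    """Return the ACS endpoints registered in SP metadata as a list of dicts."""
    root = ET.fromstring(metadata_xml)
    endpoints = []
    for el in root.iter(f"{{{MD}}}AssertionConsumerService"):
        endpoints.append({
            "index": int(el.get("index")),
            "binding": el.get("Binding"),
            "location": el.get("Location"),
            "default": el.get("isDefault") in ("true", "1"),
        })
    return endpoints


def resolve_acs(endpoints, requested_url=None, requested_index=None):
    """Pick the endpoint to deliver to; None means refuse to send a response."""
    if requested_url is not None:
        # Exact string comparison only: no prefix, host-only or normalized matching.
        return next((e for e in endpoints if e["location"] == requested_url), None)
    if requested_index is not None:
        return next((e for e in endpoints if e["index"] == requested_index), None)
    # Nothing requested: use the flagged default, else the first registered
    # endpoint (a simplification of the metadata default-selection rule).
    flagged = next((e for e in endpoints if e["default"]), None)
    return flagged or (endpoints[0] if endpoints else None)
```

A request naming a location that is not in the metadata resolves to `None`, so no assertion is issued to it, even when the URL differs from a registered one only by a trailing slash or a look-alike host name.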
