Child pages
  • AssertionConsumerService

The Shibboleth 1.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

Skip to end of metadata
Go to start of metadata

An AssertionConsumerService is SAML terminology for a protocol endpoint at a ServiceProvider that accepts <samlp:Response> messages (or SAML artifacts) for the purpose of establishing a security context. Today, it generally refers to an HTTP resource on a web site that processes SAML protocol messages and returns a cookie representing the information extracted from the message.

In the Shibboleth SP, AssertionConsumerServices are implemented as ServiceProviderHandlers.

For the protection of the user, the valid AssertionConsumerService location(s) associated with a ServiceProvider must be registered in MetaData so that it can be checked by the IdentityProvider. This helps to prevent the delivery of personal information to unauthorized parties.

A typical AssertionConsumerService in ShibOnedotThree might look like https://sp.example.org/Shibboleth.sso/SAML/POST

  • No labels