...
It's also possible in more unusual cases to set them in the <SSO>, <Logout>, and <NameIDMgmt> elements, allowing for per-protocol behavior. They can also be set in advanced configurations that define individual <SessionInitiator>, <LogoutInitiator>, <AssertionConsumerService><md:AssertionConsumerService>, and <SingleLogoutService> <md:SingleLogoutService> endpoints. In these cases, they override any values set by application or IdP.
...