AssertionConsumerService

An AssertionConsumerService is SAML terminology for a protocol endpoint at a ServiceProvider that accepts <samlp:Response> messages (or SAML artifacts) for the purpose of establishing a security context. Today, it generally refers to an HTTP resource on a web site that processes SAML protocol messages and returns a cookie representing the information extracted from the message.

In the Shibboleth SP, AssertionConsumerServices are implemented as ServiceProviderHandlers.

For the protection of the user, the valid AssertionConsumerService location(s) associated with a ServiceProvider must be registered in MetaData so that it can be checked by the IdentityProvider. This helps to prevent the delivery of personal information to unauthorized parties.

A typical AssertionConsumerService in ShibOnedotThree might look like https://sp.example.org/Shibboleth.sso/SAML/POST