The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

AssertionConsumerService

Owned by Scott Cantor
Last updated: Jan 04, 2008 by Former user (Deleted)Version comment
1 min read

An AssertionConsumerService is SAML terminology for a protocol endpoint at a ServiceProvider that accepts <samlp:Response> messages (or SAML artifacts) for the purpose of establishing a security context. Today, it generally refers to an HTTP resource on a web site that processes SAML protocol messages and returns a cookie representing the information extracted from the message.

In the Shibboleth SP, AssertionConsumerServices are implemented as ServiceProviderHandlers.

For the protection of the user, the valid AssertionConsumerService location(s) associated with a ServiceProvider must be registered in MetaData so that it can be checked by the IdentityProvider. This helps to prevent the delivery of personal information to unauthorized parties.

A typical AssertionConsumerService in ShibOnedotThree might look like https://sp.example.org/Shibboleth.sso/SAML/POST