AssertionConsumerService

The <md:AssertionConsumerService> element is used to configure handlers that are responsible for consuming SAML assertions; that is, they process an assertion according to a profile, extract its contents, create a new user session, and typically produce a cookie to represent the session.

An ACS does most of the work of SSO for the SP and is the "receiving" half of the SSO message exchange started by a SessionInitiator. As a multi-protocol system, the SP itself is oblivious to specific SSO protocols; each ACS provides the implementation of a particular protocol. The "assertion" terminology is SAML-specific but is an abstraction at this level.

Protocols

ACS implementations exist for these protocols.  Precisely which ACS is defined the the  Binding attribute.

• SAML 1.x AssertionConsumerService

• SAML 2.0 AssertionConsumerService

• ADFS AssertionConsumerService

Common Attributes