This is an advanced configuration feature. Most deployments can rely on the
<md:ArtifactResolutionService> element is used to configure handlers that are responsible for resolving SAML 2.0 artifacts into protocol messages.
The HTTP-Artifact binding in SAML 2.0 allows messages sent by the SP to an IdP to be carried by reference using a simple redirect, instead of by value. The downside is that an extra callback is required to turn the artifact back into the original message, typically using SOAP.
As a multi-protocol system, the SP itself is oblivious to specific management protocols; each handler provides the implementation of a particular protocol.
An implementation exists only for the SAML2 protocol, this implements the dereferencing/resolution steps of the SAML 2.0 HTTP-Artifact binding.
Binding values are supported:
Note that authentication of the request is controlled by the security policy rules in effect.
The following may be specified for all protocols and bindings
The location of the service (when combined with the base handlerURL). This is the location to which an IdP sends requests to resolve artifacts.
Identifies the protocol binding supported by the service.
A "tag" that identifies the ACS endpoint so that it can be referenced by other configuration elements or applications. It is strongly suggested that the values correspond to the values included in the SP's metadata.