SAML 2.0 AssertionConsumerService

Owned by Rod Widdowson
Last updated: Dec 06, 2021
1 min read

 

Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the <SSO> shorthand element.

The SAML 2.0 ACS implements the SAML 2.0 Browser SSO and ECP profiles. In addition, the ACS performs attribute extractionfiltering, and resolution based on the data supplied by the IdP.

The following Binding values are supported:

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact

  • urn:oasis:names:tc:SAML:2.0:bindings:PAOS

Attributes

In addition the following may be specified:

Name

Type

Default

Description

Name

Type

Default

Description

ignoreNoPassive 

boolean

false

If true, causes the SAML StatusCode of urn:oasis:names:tc:SAML:2.0:status:NoPassive to be ignored and treated as a silent condition resulting in redirection back to the original resource.

Example

<md:AssertionConsumerService Location="/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" conf:ignoreNoPassive="true" />