ACSCommonAttributes

The following may be specified for all protocols and bindings.

Name

Type

Default

Description

Name

Type

Default

Description

Location 

relative path

required

The location of the ACS (when combined with the base handlerURL). This is the location to which an IdP sends assertions using whatever protocol and binding it shares with the SP. Each combination of SSO protocol and binding is usually installed at a unique location to improve efficiency.

Binding 

URI

required

Identifies the protocol binding supported by the ACS. Bindings describe how the assertion and any enclosing content are packaged by the IdP (or by the browser in some cases) for consumption by the ACS. As an example, the SAML 2.0 specification and subsequent documents describe as many as 4-5 different bindings that all underlie essentially the same SSO protocol.

index 

unsigned integer



A "tag" that identifies the ACS endpoint so that it can be referenced by other configuration elements or applications. It is strongly suggested that the values correspond to the values included in the SP's Metadata.

conf:policyId 

namespace-qualified by 
urn:mace:shibboleth:3.0:native:sp:config



References the id of a <Policy> element in the configuration and causes that security policy to be applied to messages sent to this endpoint. Not generally used because attackers can bypass special policies by choosing the most advantageous endpoint, but allows for more advanced extension features in the future

conf:signing 

namespace-qualified by
urn:mace:shibboleth:3.0:native:sp:config


one of
conditional, true, false, front, back



See Signing&Encryption. Controls outbound signing of XML messages and content subject to applicability to the protocol involved.
This has no effect with any existing supported protocols.

conf:encryption 



See Signing&Encryption. Controls outbound encryption of XML messages and content subject to applicability to the protocol involved.
This has no effect with any existing supported protocols.