Reference
In this section, you'll find a detailed explanation of the available options for setting up a Service Provider (SP). Options common to the Identity Provider (IDP) and the SP can be found in the generic reference.
Assertion consumer services
The Assertion Consumer Service (ACS) is the endpoint where the IDP sends the SP the SAML response containing the assertion that confirms the user's identity. Different protocols can be used to transport the SAML assertion; these transport methods are called bindings. An SP has the flexibility to define one or multiple ACS endpoints, each of which can be associated with a specific binding protocol. The SP may use an index to uniquely identify an endpoint when multiple endpoints with the same binding are present. Each endpoint is fully defined by three values:
- Binding: The protocol supported by the endpoint. The values supported by Monokee are:
  - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST: This binding is used for sending a SAML Response containing the assertion. To send these messages, they are first encoded in Base64 and included as the value of a parameter in the body of an HTTP POST request. The content type of this request is usually set to application/x-www-form-urlencoded, which allows the message to be transmitted as key-value pairs in the request body.
- Index: The number that uniquely identifies the endpoint within a set of endpoints of the same type.
- Location: The URL of the endpoint where the SP expects to receive the SAML assertion from the IDP.
Attribute consuming services
An Attribute Consuming Service (ACS) is a type of web service that consumes, or receives, user attributes from a third-party IDP during authentication or authorization. In simple terms, an ACS relies on an external IDP to authenticate or authorize a user, and uses the attributes received from the IDP to make access control decisions or to provide personalization features. Each endpoint is fully defined by the following values:
- Index: Is the number that uniquely identifies the endpoint within a set of endpoints of the same type.
- By default: Indicates whether this ACS is the preferred (default) one.
- Service name: A list of language-value pairs giving the language-qualified name of the service.
- Service description: A list of language-value pairs giving the language-qualified description of the service.
- Requested attributes: The list that specifies attributes required or desired by this service.
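The following is an added example, not Monokee's own code: it assembles a minimal SAML 2.0 SP metadata document from the Assertion Consumer Service values (binding, index, location) and the Attribute Consuming Service values (index, default flag, language-qualified name and description, requested attributes) described in the two sections above, then runs the checks an SP operator would want before publishing the metadata (unique ACS index, HTTPS ACS location, a single default Attribute Consuming Service). The element and attribute names are the standard SAML metadata ones; the entity ID and URLs passed in are constructed placeholders.

```python
# Added example (not Monokee's own code): build minimal SAML 2.0 SP metadata from
# the endpoint values described above, then sanity-check it before publishing.
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD)

def build_sp_metadata(entity_id, acs_endpoints, attr_services):
    """acs_endpoints: [(index, binding, location)]; attr_services:
    [(index, is_default, {lang: name}, {lang: description}, [attribute names])]."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor",
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    for index, binding, location in acs_endpoints:  # Assertion Consumer Services
        ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                      Binding=binding, Location=location, index=str(index))
    for index, is_default, names, descs, attrs in attr_services:  # Attribute Consuming Services
        svc = ET.SubElement(sp, f"{{{MD}}}AttributeConsumingService",
                            index=str(index), isDefault="true" if is_default else "false")
        for lang, text in names.items():  # language-qualified service name
            ET.SubElement(svc, f"{{{MD}}}ServiceName", {XML_LANG: lang}).text = text
        for lang, text in descs.items():  # language-qualified service description
            ET.SubElement(svc, f"{{{MD}}}ServiceDescription", {XML_LANG: lang}).text = text
        for name in attrs:  # attributes this service requires from the IDP
            ET.SubElement(svc, f"{{{MD}}}RequestedAttribute", Name=name, isRequired="true")
    return ET.tostring(root, encoding="unicode")

def check_sp_metadata(xml_text):
    """Return a list of problems: reused ACS index, non-HTTPS ACS Location,
    or more than one Attribute Consuming Service flagged as the default."""
    root = ET.fromstring(xml_text)
    problems, seen = [], set()
    for acs in root.iter(f"{{{MD}}}AssertionConsumerService"):
        idx, loc = acs.get("index"), acs.get("Location", "")
        if idx in seen:
            problems.append(f"ACS index {idx} is not unique")
        seen.add(idx)
        if not loc.startswith("https://"):  # the assertion must not travel in clear text
            problems.append(f"ACS Location is not HTTPS: {loc}")
    defaults = [s for s in root.iter(f"{{{MD}}}AttributeConsumingService")
                if s.get("isDefault") == "true"]
    if len(defaults) > 1:
        problems.append("more than one default AttributeConsumingService")
    return problems
```

The check returns an empty list for well-formed input; each string it returns names one misconfiguration to fix before the metadata is handed to the IDP.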