Hi,

As per the SAML core specification [1], below were the definitions given for ACS URL and Recipient.

- *AssertionConsumerServiceURL:* Specifies by value the location to which the <Response> message MUST be returned to the requester. The responder MUST ensure by some means that the value specified is in fact associated with the requester. [SAMLMeta] provides one possible mechanism; signing the enclosing <AuthnRequest> message is another. This attribute is mutually exclusive with the AssertionConsumerServiceIndex attribute and is typically accompanied by the ProtocolBinding attribute.
- *Recipient [Optional]:* A URI specifying the entity or location to which an attesting entity can present the assertion. For example, this attribute might indicate that the assertion must be delivered to a particular network endpoint in order to prevent an intermediary from redirecting it someplace else.

*Question*

1. Should AssertionConsumerServiceURL and Recipient always be the same?
2. When exactly do we need to specify a recipient? Appreciate if you can explain with a sample use case.

[1]. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Cheers!
Sewmini Jayaweera
*Software Engineer - QA Team*
Mobile: +94 (0) 773 381 250
sewm...@wso2.com
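The Recipient definition quoted above, seen from the service provider's side, as an added example that is not part of the original post: in the Web Browser SSO profile the bearer SubjectConfirmationData carries the SP's assertion consumer service URL in Recipient, and the SP compares it with the endpoint at which the Response actually arrived. The hosts, the sample XML and the function name are constructed for illustration, and signature validation is assumed to happen separately.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed, unsigned sample Response; sp.example.com is a hypothetical SP.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                Destination="https://sp.example.com/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>
"""


def recipient_errors(response_xml, received_at):
    """Return a list of problems; an empty list means the Recipient check passed.

    received_at is the ACS URL on which this SP actually received the Response.
    Assumption: the XML signature has already been verified and the input was
    parsed defensively; this function only covers the Recipient comparison.
    """
    root = ET.fromstring(response_xml)
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        return ["no Assertion in Response"]
    errors = []
    for i, assertion in enumerate(assertions):
        # Collect Recipient from every bearer confirmation (None if absent).
        recipients = [
            data.get("Recipient")
            for conf in assertion.findall("saml:Subject/saml:SubjectConfirmation", NS)
            if conf.get("Method") == BEARER
            for data in conf.findall("saml:SubjectConfirmationData", NS)
        ]
        # Exact string match is a deliberate choice here: no prefix or
        # case-insensitive matching, so a look-alike endpoint is rejected.
        if received_at not in recipients:
            errors.append(f"assertion {i}: Recipient {recipients} != {received_at}")
    return errors
```

An assertion issued for one ACS endpoint and replayed to another fails this check even when its signature is valid, which is the redirection case the Recipient definition describes.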