Configuring external AssertionConsumerService, and documentation for protocols.xml

Langlois, Charles charles.langlois at
Fri Aug 21 18:35:18 UTC 2020

What I'm trying to do is have an assertion consumer service that is implemented outside shibboleth. There's a reply URL configured in the Azure IdP that is not shibboleth's default.
I need to change shibboleth's config to match the IdP.

Are you telling me what I want to do is impossible? That Shibboleth cannot advertise an ACS URL that it does not handle itself?

There's also the question of the protocols.xml file. Is there documentation on how to change that file for my needs?


Charles Langlois

Digital Tech Developer Sr. Analyst

Mobile: +1<tel:(438)888-0680>(514)-892-2258
Accenture Interactive

5605 avenue de Gaspé, Suite 902

Montréal, QC, Canada - H2T 2A4

From: users <users-bounces at> on behalf of Cantor, Scott <cantor.2 at>
Sent: August 21, 2020 2:01 PM
To: Shib Users <users at>
Subject: [External] Re: Configuring external AssertionConsumerService, and documentation for protocols.xml

This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.

On 8/21/20, 12:42 PM, "users on behalf of Langlois, Charles" <users-bounces at on behalf of charles.langlois at> wrote:

> is it possible to specify a URL for an assertion consumer service that is not part of the shibboleth url namespace?

I don't know what you mean by "shibboleth url namespace".

If you're trying to ask if you can have an ACS location that isn't within/under the typical /Shibboleth.sso handler base path, no, you can't.

You can change the handler path itself with the handlerURL parameter (and in some cases other changes) but whatever it is, the ACS has to be under the path specified by the setting, and the fact that it happens to be /SAML2/POST or whatever is not really terribly important or useful to change.

-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at


This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list