Configuring external AssertionConsumerService, and documentation for protocols.xml

Cantor, Scott cantor.2 at
Fri Aug 21 19:44:58 UTC 2020

On 8/21/20, 2:35 PM, "users on behalf of Langlois, Charles" <users-bounces at on behalf of charles.langlois at> wrote:

>    What I'm trying to do is have an assertion consumer service that is implemented outside shibboleth. 

If you have your own SP, the SP shouldn't need to be there to begin with.

>    Are you telling me what I want to do is impossible? That Shibboleth cannot advertise an ACS URL that it does
> not handle itself?

Shibboleth doesn't "adverstise" anything, one's metadata does. As Nate said, change your metadata published to partners to anything you want it to be so that it does not reference the SP at all.

>    There's also the question of the protocols.xml file. Is there documentation on how to change that file for my needs?

No, and it would serve no purpose to do so, it's got nothing to do with anything you're asking.

I think your problem is that you're imagining you can somehow use the SP to make requests but not handle responses. Making requests is essentially trivial. There's no value to trying to let the SP do "just that part".

The only cases in which the SP serves any purpose if it's not actually providing SAML processing are pretty rare and far off the beaten path.

-- Scott

More information about the users mailing list