SAML 2.0 - Multiple AssertionConsumerService in SP

Question

I implement a SAML 2.0 SP.
I have a login servlet with endpoint https://my.domain.com/mng/samlLogin, so in the SP metadata file I define:

&l         


        

Answer 1

Yes, you can include additional elements in the SAML 2.0 SP metadata with the same binding, each with its own unique index. Alternatively you can choose to sign the authentication requests as the SP in which case you can freely specify an AssertionConsumerServiceURL without the requirement that it was published and configured earlier as part of the SP metadata exchange.

This is all spec compliant but be aware (as always with "advanced" SAML options) that your mileage may vary wrt. support across different SAML implementations.