--- title: Setting Assertion Consumer Service URLs (SAML) description: If your PingFederate configuration uses any version of SAML, you can configure assertion indexes, bindings, and endpoint URLs on the Assertion Consumer Service URL tab. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:help_spprotocolsettingstasklet_assertionconsumerservicestate canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_spprotocolsettingstasklet_assertionconsumerservicestate.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps result: Result --- # Setting Assertion Consumer Service URLs (SAML) If your PingFederate configuration uses any version of SAML, you can configure assertion indexes, bindings, and endpoint URLs on the **Assertion Consumer Service URL** tab. ## Before you begin For prerequisites and initial steps to configure Browser SSO protocol settings, see [Configuring protocol settings](help_spbrowserssotasklet_spprotocolsettingsstate.html). ## About this task The assertion consumer service (ACS) endpoint is a location to which the single sign-on (SSO) tokens are sent, according to partner requirements. ACS is applicable to all SAML versions and both the identity provider (IdP)- and service provider (SP)-initiated SSO profiles. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The SP might request that the SAML assertion be sent to one of several URLs, using different bindings. PingFederate uses the defined URL entries on this page to validate the authentication request. However, per SAML specifications, if the request is signed, PingFederate can verify the signature instead. The ACS URL does not necessarily need to be listed here. This is useful for scenarios where an ACS URL might be dynamically generated. | Some federation use cases might require additional customizations in the assertions sent from the PingFederate IdP server to the SP, such as placing well-formed XML in the `` element or including the optional `SessionNotOnOrAfter` attribute in the `` element. You can use OGNL expressions to fulfill these use cases. ## Steps 1. In the **Assertion Consumer Service URL** tab, configure one or more SAML ACS endpoints. 1. Select a SAML binding from the **Binding**drop-down list. 2. Enter the ACS endpoint URL to the **Endpoint URL** field. You can enter a relative path (begin with a forward slash) if you have provided a base URL on the **General Info** window. 3. (Optional) Select the **Default** box if you want this entry to be the default ACS endpoint. The administrative console always sets the first entry as the default ACS endpoint. You can reset the default endpoint when you add ACS endpoint. 4. (Optional) Enter an integer to the **Index** field for this ACS endpoint. The administrative console automatically assigns an index value for each ACS endpoint, starting from 0. If you want to define your own index values, you must make sure the index values are unique. 1. Click **Add**. 2. (Optional) Repeat to add additional ACS endpoints. 2. (Optional) Customize messages using OGNL expressions. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | OGNL expressions are not enabled by default. For more information about enabling and editing OGNL expressions, see [Attribute mapping expressions](pf_attribute_mapping_expressions.html). | 1. Click **Show Advanced Customizations**. 2. Select a message type from the list. 3. Enter an OGNL expression to fulfill your use case. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For more information about **Message Type**, available variables, and sample OGNL expressions, see [Customizing assertions and authentication requests](pf_customiz_assert_and_auth_requests.html). | 4. Click **Add**. 5. (Optional) Repeat to add another message customization. 3. Click **Next** to proceed to the next tab. For SAML 1.x configurations, see [Setting a default target URL (SAML 1.x)](help_spprotocolsettingstasklet_defaulttargeturlstate.html). For SAML 2.0, see [Specifying SLO service URLs (SAML 2.0)](help_spprotocolsettingstasklet_sloserviceurlconfigstate.html). ## Result If you are editing an existing connection, you can reconfigure any items, which could require additional configuration changes in subsequent tasks. You must always configure at least one ACS endpoint.