If your PingFederate configuration uses any version of SAML, you can configure assertion indexes, bindings, and endpoint URLs on the Assertion Consumer Service URL tab.
The assertion consumer service (ACS) endpoint is a location to which the single sign-on (SSO) tokens are sent, according to partner requirements. ACS is applicable to all SAML versions and both the identity provider (IdP)- and service provider (SP)-initiated SSO profiles.
The SP might request that the SAML assertion be sent to one of several URLs, using different bindings. PingFederate uses the defined URL entries on this page to validate the authentication request. However, per SAML specifications, if the request is signed, PingFederate can verify the signature instead. The ACS URL does not necessarily need to be listed here. This is useful for scenarios where an ACS URL might be dynamically generated.
Some federation use cases might require additional customizations in the assertions sent from the PingFederate IdP server to the SP, such as placing well-formed XML in the <AttributeValue> element or including the optional SessionNotOnOrAfter attribute in the <AuthnStatement> element. You can use OGNL expressions to fulfill these use cases.
If you are editing an existing connection, you can reconfigure any items, which could require additional configuration changes in subsequent tasks. You must always configure at least one ACS endpoint.