The spAssertionConsumer.jsp processes the responses that a service provider receives from an identity provider. When a service provider wants to authenticate a user, it sends an authentication request to an identity provider. The AuthnRequest asks that the identity provider return a Response containing one or more assertions. The spAssertionConsumer.jsp receives and parses the Response (or an artifact representing it). The endpoint for this JSP is protocol://host:port/service-deploy-uri/Consumer. Some ways in which the spAssertionConsumer.jsp can be customized include:
The localLoginUrl parameter in the spAssertionConsumer.jsp retrieves the value of the localAuthUrl property in the service provider's extended metadata configuration. The value of localAuthUrl points to the local login page on the service provider side. If localAuthUrl is not defined, the login URL is calculated using the Assertion Consumer Service URL defined in the service provider's standard metadata configuration. Changing the localLoginUrl parameter value in spAssertionConsumer.jsp is another way to define the service provider's local login URL.
After a successful single sign-on and before the final protected resource (defined in the <RelayState> element) is accessed, the user may be directed to an intermediate URL, if one is configured as the value of the intermediateUrl property in the service provider's extended metadata configuration file. For example, this intermediate URL might be a successful account creation page after the auto-creation of a user account. The redirectUrl in spAssertionConsumer.jsp can be modified to override the intermediateUrl value.