There are 2 ways to specify endpoint acting as the Assertion Consumer Service in the Query Parameters for the AuthnRequest Server at the SP side.
You can use an index, or specify it explicitly. To illustrate :
1. AssertionConsumerServiceIndex=1
or
2. AssertionConsumerServiceURL=https://_host.example.com/path1/example.sso/SAML2/POST
In our setting, we've set the second, AssertionConsumerServiceURL.
We have our SP sending AuthnRequest with AssertionConsumerServiceURL: https://_host.example.com/path1/example.sso/SAML2/POST
However, we observe the IDP defaulting to different url: https://_host.example.com/path0/example.sso/SAML2/POST. How can we force
the explicitly use of the value from AssertionConsumerServiceURL ?
You'll have to enable the flag "Accept Only Registered Remote ACS URL in Authnrequest" in the Local IDP>Remote SP partnership
in order to get the AssertionConsumerServiceURL to take preceedence on the others configured on the IDP side.
You will have to enable the flag "Accept Only Registered Remote ACS URL in Authnrequest" in the Local IDP>Remote SP partnership.