The application or service that relies on an identity provider for user authentication in a SAML-based single sign-on system.
SAML Service Provider (SP) is the application that outsources authentication to an external Identity Provider. The SP publishes metadata (its entity ID, Assertion Consumer Service URL, and signing certificate), sends authentication requests, and consumes signed assertions to establish a local session.
The core cryptographic and temporal checks (signature verification, NotBefore/NotOnOrAfter, Destination, InResponseTo, trusted issuer) are shared with the message and assertion. See SAMLResponse and SAML Assertion for that checklist. The concerns below are specific to acting as an SP.
An assertion is issued for one specific SP. Two bindings enforce this, and both must be checked against this SP's own metadata, not against a value taken from the incoming message:
<saml:Audience> must equal this SP's entity ID. An assertion legitimately minted for a different SP must be rejected, even if its signature is valid.Recipient on the SubjectConfirmationData and the response Destination must match this SP's registered ACS URL.<saml:AudienceRestriction>
<saml:Audience>https://sp.example.com</saml:Audience> <!-- must equal our entity ID -->
</saml:AudienceRestriction>
...
Recipient="https://sp.example.com/acs" <!-- must equal our ACS URL -->
Skipping the Audience check turns any SP the IdP serves into an oracle: an attacker who can obtain a valid assertion for a low-value SP can replay it to a high-value SP that trusts the same IdP.
An IdP-initiated response arrives at the ACS with no InResponseTo, because the SP never issued a request. This removes the strongest replay/CSRF defence, so an SP that accepts unsolicited responses cannot rely on InResponseTo at all:
InResponseTo is only acceptable when the flow was genuinely IdP-initiated; a present-but-unknown InResponseTo must always be rejected.RelayState carries the SP's post-login return location back through the IdP round trip. Because it is reflected verbatim into a redirect after authentication, treating it as a trusted URL is an open redirect:
POST /saml/acs
SAMLResponse=PHNhbWxwOlJlc3BvbnNl...&RelayState=https://evil.example/phish