Removing ServiceProvider tag from SAML.config

We are implementing service provider initiated SSO. Below is a sample SAML.config. Now when the InitiateSSO call is made, SingleSignOnServiceUrl is picked up based on the PartnerIdentityProviderName passed to the initiateSSO call. I believe the first service provider tag containing the attribute ‘AssertionConsumerServiceUrl’ is required only for IdP initiated SSO. But when we remove that tag, the call to the initiateSSO function gives the exception “A local identity or service provider must be configured”. Preferably we would like to remove that tag since it is unused.

Please advise.



<ServiceProvider Name="SP1"
                 AssertionConsumerServiceUrl="/Login.aspx"
                 LocalCertificateFile=""
                 LocalCertificatePassword=""/>


<PartnerIdentityProvider Name="Development"
                         SignAuthnRequest="false"
                         WantSAMLResponseSigned="false"
                         WantAssertionSigned="false"
                         WantAssertionEncrypted="false"
                         SingleSignOnServiceUrl="some url"
                         SingleLogoutServiceUrl="some url"
                         SingleLogoutServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         OverridePendingAuthnRequest="false"
                         PartnerCertificateFile=""/>



The <ServiceProvider> is required.
The Name field is mandatory and is used to specify the Issuer field in the SAML authn request.
The AssertionConsumerServiceUrl is optional but recommended if you’re supporting SP-initiated SSO. If configured, it’s included in the SAML authn request. Some identity providers require this field although according to the SAML specification it’s optional. The safest thing to do is specify it for maximum interoperability.
The LocalCertificateFile and LocalCertificatePassword are optional. They’re only required if SignAuthnRequest is true or WantAssertionEncrypted is true for any of the entries.
So, as a bare minimum you need:



I also recommend you use unique names in the form of URLs for the and . These names are supposed to be globally unique.
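
The rules in the answer above can be checked mechanically before a configuration is deployed. The following is an added example, not code from the original thread or from the SAML library under discussion: a small Python lint over a constructed configuration. The `<SAMLConfiguration>` root element, the sample URL, and applying the URL-name recommendation to both the ServiceProvider and PartnerIdentityProvider Name attributes are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample. The <SAMLConfiguration> root element is an assumption;
# the page shows only the two child elements.
SAMPLE = """<SAMLConfiguration>
  <ServiceProvider Name="SP1" AssertionConsumerServiceUrl="/Login.aspx"
                   LocalCertificateFile="" LocalCertificatePassword=""/>
  <PartnerIdentityProvider Name="Development" SignAuthnRequest="true"
                           WantAssertionEncrypted="false"
                           SingleSignOnServiceUrl="https://idp.example.test/sso"/>
</SAMLConfiguration>"""

def local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def is_true(elem, attr):
    return elem.get(attr, "false").strip().lower() == "true"

def is_url(name):
    parts = urlparse(name or "")
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def lint(xml_text):
    """Return (severity, message) findings for the rules stated in the answer."""
    root = ET.fromstring(xml_text)
    sps = [e for e in root.iter() if local(e.tag) == "ServiceProvider"]
    idps = [e for e in root.iter() if local(e.tag) == "PartnerIdentityProvider"]
    if not sps:
        return [("error", "ServiceProvider element is missing")]
    sp, out = sps[0], []
    if not sp.get("Name"):
        out.append(("error", "ServiceProvider Name is mandatory (used as Issuer)"))
    if not sp.get("AssertionConsumerServiceUrl"):
        out.append(("warn", "AssertionConsumerServiceUrl not set; some IdPs require it"))
    needs_key = [i.get("Name", "?") for i in idps
                 if is_true(i, "SignAuthnRequest") or is_true(i, "WantAssertionEncrypted")]
    if needs_key and not sp.get("LocalCertificateFile"):
        out.append(("error", "LocalCertificateFile required by: " + ", ".join(needs_key)))
    # Assumption: the URL-name recommendation covers both element types.
    for e in sps + idps:
        if e.get("Name") and not is_url(e.get("Name")):
            out.append(("warn", f"{local(e.tag)} Name '{e.get('Name')}' is not a URL"))
    return out

if __name__ == "__main__":
    for severity, message in lint(SAMPLE):
        print(f"{severity}: {message}")
```

The constructed sample enables SignAuthnRequest without a local certificate, so the lint reports that as an error alongside the two non-URL names.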