In order to authenticate a given user, the SAML Session Provider creates an authentication request which is provided to the identity provider (IdP). The response (assertion) is returned to one of a set of pre-configured login endpoints also known as assertion consumer service locations. These are endpoints where the SAML Session Provider receives and handles assertions from the IdP.
If you access secured web applications in the grid via a proxy server or load balancer, you must add assertion consumer services representing the proxy host.
The SAML protocol also supports single logout among all configured SAML service providers. In order for SAML Session Provider to participate in the logout process, it must have a logout endpoint configured and the identity provider which initiates the logout requests must know about the endpoint.