Clear out the confusion about the use of ACS acronym

ACS is usually used to refer to the Assertion Consumer Service concept
in SAML. The ACS may also behave as an Attribute Consuming Services,
but in general the two concepts are separate. This fixes the use of the
ACS acronym for the Assertion Consumer Service only.

Author: mauromol

README.md

@@ -500,36 +500,36 @@ The getSPMetadata will return the metadata signed or not based on the security p
 
 Before the XML metadata is exposed, a check takes place to ensure that the info to be provided is valid.
 
-##### Attribute Consuming Service (ACS)
+##### Attribute Consuming Services
 The SP may optionally specify one or more Attribute Consuming Services in its metadata. These can be configured in the settings.
 
-If just one ACS is required:
+If just one Attribute Consuming Service is required:
 
 ```properties
-# Attribute Consuming Service name when just one ACS should be declared by the SP.
-# Comment out or set to empty if no ACS should be declared, or if multiple ones should (see below). 
+# Attribute Consuming Service name when just one such service should be declared by the SP.
+# Comment out or set to empty if no Attribute Consuming Service should be declared, or if multiple ones should (see below). 
 # The service name is mandatory.
 onelogin.saml2.sp.attribute_consuming_service.name = My service
 
-# Attribute Consuming Service description when just one ACS should be declared by the SP.
+# Attribute Consuming Service description when just one such service should be declared by the SP.
 # Ignored if the previous property is commented or empty. 
 # The service description is optional.
 onelogin.saml2.sp.attribute_consuming_service.description = My service description
 
-# Language used for Attribute Consuming Service name and description when just one ACS should be declared by the SP.
+# Language used for Attribute Consuming Service name and description when just one such service should be declared by the SP.
 # Ignored if the name property is commented or empty. 
-# The language is optional and default to "en" (English).
+# The language is optional and defaults to "en" (English).
 onelogin.saml2.sp.attribute_consuming_service.lang = en
 
-# Requested attributes to be included in the Attribute Consuming Service when just one ACS should be declared by the SP.
+# Requested attributes to be included in the Attribute Consuming Service when just one such service should be declared by the SP.
 # At least one requested attribute must be specified, otherwise schema validation will fail.
 # Attribute properties are indexed properties, starting from 0. The index is used only to enumerate and sort attributes, but it's required.
 # The following properties allow to define each requested attribute:
 # - name: mandatory
 # - name_format: optional; if omitted, defaults to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
 # - friendly_name: optional; if omitted, it won't appear in SP metadata
 # - required: optional; if omitted or empty, defaults to false
-# - value[x]: an attribute value; the [x] is only used only to enumerate and sort values, but it's required
+# - value[x]: an attribute value; the [x] index is used only to enumerate and sort values, but it's required
 # Please note that only simple values are currently supported and treated internally as strings. Hence no structured values
 # and no ability to specify an xsi:type attribute. 
 # Attribute values are optional and most often they are simply omitted.
@@ -541,9 +541,10 @@ onelogin.saml2.sp.attribute_consuming_service.attribute[0].value[0] = foo@exampl
 onelogin.saml2.sp.attribute_consuming_service.attribute[0].value[1] = bar@example.org
 ```
 
-If multiple ACSs are required, they can be specified in a similar way, but using indexes: these indexes are used to enumerate and
-identify attribute consuming services within the SP metadata and can be subsequently used in the auth process to specify which
-attribute set should be requested to the IdP. The "default" property can also be set to designate the default ACS. Here is an example:
+If multiple Attribute Consuming Services are required, they can be specified in a similar way, but using indexes: these indexes 
+are used to enumerate and identify attribute consuming services within the SP metadata and can be subsequently used in the auth 
+process to specify which attribute set should be requested to the IdP. The "default" property can also be set to designate the 
+default Attribute Consuming Service. Here is an example:
 
 ```properties
 onelogin.saml2.sp.attribute_consuming_service[0].name = Just e-mail
@@ -571,15 +572,17 @@ import static com.onelogin.saml2.authn.AttributeConsumingServiceSelector.*;
 Auth auth = new Auth(request, response);
 // select by index 1
 auth.login(new AuthnRequestParams(false, false, true, byIndex(1));
-// or select by ACS name
+// or select by service name
 auth.login(new AuthnRequestParams(false, false, true, byServiceName(auth.getSettings(), "Anagrafica"));
 // or see AttributeConsumingServiceSelector interface implementations for more options
 ```
 
 If no selector is specified, `AttributeConsumingServiceSelector.useDefault()` will be used, which will simply omit any
 `AttributeConsumingServiceIndex` from the request, hence leaving the IdP choose the default attribute set agreed upon.
 
-Then, the following code handles the SAML response that the IdP forwards to the SP through the user's client:
+
+##### Assertion Consumer Service (ACS)
+This code handles the SAML response that the IdP forwards to the SP through the user's client:
 
 ```java
 Auth auth = new Auth(request, response);

core/src/main/java/com/onelogin/saml2/settings/Metadata.java

@@ -177,7 +177,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) throws Certif
 		valueMap.put("spAssertionConsumerServiceUrl", Util.toXml(settings.getSpAssertionConsumerServiceUrl().toString()));
 		valueMap.put("sls", toSLSXml(settings.getSpSingleLogoutServiceUrl(), settings.getSpSingleLogoutServiceBinding()));
 
-		// if an ACS was specified at construction time, use it in place of the ones specified in settings
+		// if an Attribute Consuming Service was specified at construction time, use it in place of the ones specified in settings
 		// this is for backward compatibility
 		valueMap.put("strAttributeConsumingService",
 		            toAttributeConsumingServicesXml(attributeConsumingService != null 

core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java

@@ -519,17 +519,17 @@ private List<Contact> loadContacts() {
 	 */
 	private List<AttributeConsumingService> loadAttributeConsumingServices() {
 		// first split properties into a map of properties
-		// key = ACS index; value = ACS properties
+		// key = service index; value = service properties
 		final SortedMap<Integer, Map<String, Object>> acsProps = 
 				extractIndexedProperties(SP_ATTRIBUTE_CONSUMING_SERVICE_PROPERTY_KEY_PREFIX, samlData);
-		// then build each ACS
+		// then build each Attribute Consuming Service
 		if(acsProps.containsKey(-1) && acsProps.size() == 1)
-			// single ACS specified; use index 1 for backward compatibility
+			// single service specified; use index 1 for backward compatibility
 			return Arrays.asList(loadAttributeConsumingService(acsProps.get(-1), 1));
 		else
-			// multiple indexed ACSs specified
+			// multiple indexed services specified
 			return acsProps.entrySet().stream()
-					// ignore non-indexed ACS
+					// ignore non-indexed service
 					.filter(entry -> entry.getKey() != -1)
 			            .map(entry -> loadAttributeConsumingService(entry.getValue(), entry.getKey()))
 			            .collect(Collectors.toList());
@@ -539,10 +539,10 @@ private List<AttributeConsumingService> loadAttributeConsumingServices() {
 	 * Loads a single Attribute Consuming Service from settings.
 	 * 
 	 * @param acsProps
-	 *              a map containing the ACS settings
+	 *              a map containing the Attribute Consuming Service settings
 	 * @param index
-	 *              the index to be set on the returned ACS
-	 * @return the loaded ACS
+	 *              the index to be set on the returned Attribute Consuming Service
+	 * @return the loaded Attribute Consuming Service
 	 */
 	private AttributeConsumingService loadAttributeConsumingService(Map<String, Object> acsProps, int index) {
 		final String serviceName =  loadStringProperty(SP_ATTRIBUTE_CONSUMING_SERVICE_NAME_PROPERTY_KEY_SUFFIX, acsProps);

core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java

@@ -660,7 +660,7 @@ public void testToAttributeConsumingServiceXmlWithMultipleAttributeValueLegacySp
 	 * @see com.onelogin.saml2.settings.Metadata#toAttributeConsumingServicesXml
 	 */
 	@Test
-	public void testToAttributeConsumingServiceXmlSingleACS() throws IOException, CertificateEncodingException, Error {
+	public void testToAttributeConsumingServiceXmlSingleService() throws IOException, CertificateEncodingException, Error {
 		Saml2Settings settings = getSettingFromAllProperties();
 
 		Metadata metadataObj = new Metadata(settings, null, null);
@@ -731,8 +731,8 @@ public void testToAttributeConsumingServiceXmlSingleACSSpecialChars() throws IOE
 	 * @see com.onelogin.saml2.settings.Metadata#toAttributeConsumingServicesXml
 	 */
 	@Test
-	public void testToAttributeConsumingServiceXmlMultiACS() throws IOException, CertificateEncodingException, Error {
-		Saml2Settings settings = getSettingFromAllPropertiesMultiACS();
+	public void testToAttributeConsumingServiceXmlMultiServices() throws IOException, CertificateEncodingException, Error {
+		Saml2Settings settings = getSettingFromAllPropertiesMultiAttributeConsumingServices();
 
 		Metadata metadataObj = new Metadata(settings, null, null);
 		String metadataStr = metadataObj.getMetadataString();
@@ -866,7 +866,7 @@ private Saml2Settings getSettingFromAllSpecialCharsProperties() throws Error, IO
 		return new SettingsBuilder().fromFile("config/config.all_specialchars.properties").build();
 	}
 
-	private Saml2Settings getSettingFromAllPropertiesMultiACS() throws Error, IOException {
+	private Saml2Settings getSettingFromAllPropertiesMultiAttributeConsumingServices() throws Error, IOException {
 		return new SettingsBuilder().fromFile("config/config.all_multi_attribute_consuming_services.properties").build();
 	}
 

core/src/test/resources/config/config.all.properties

@@ -31,22 +31,22 @@ onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bi
 # Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
 onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
 
-# Attribute Consuming Service name when just one ACS should be declared by the SP.
-# Comment out or set to empty if no ACS should be declared, or if multiple ones should (see below). 
+# Attribute Consuming Service name when just one such service should be declared by the SP.
+# Comment out or set to empty if no Attribute Consuming Service should be declared, or if multiple ones should (see below). 
 # The service name is mandatory.
 onelogin.saml2.sp.attribute_consuming_service.name = My service
 
-# Attribute Consuming Service description when just one ACS should be declared by the SP.
+# Attribute Consuming Service description when just one such service should be declared by the SP.
 # Ignored if the previous property is commented or empty. 
 # The service description is optional.
 onelogin.saml2.sp.attribute_consuming_service.description = My service description
 
-# Language used for Attribute Consuming Service name and description when just one ACS should be declared by the SP.
+# Language used for Attribute Consuming Service name and description when just one such service should be declared by the SP.
 # Ignored if the name property is commented or empty. 
 # The language is optional and default to "en" (English).
 onelogin.saml2.sp.attribute_consuming_service.lang = en
 
-# Attributes to be included in the Attribute Consuming Service when just one ACS should be declared by the SP.
+# Attributes to be included in the Attribute Consuming Service when just one such service should be declared by the SP.
 # These are indexed properties, starting from 0. The index is used only to enumerate and sort attributes, but it's required.
 # The following properties allow to define each attribute:
 # - name: mandatory

core/src/test/resources/config/config.all_multi_attribute_consuming_services.properties

@@ -31,24 +31,24 @@ onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bi
 # Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
 onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
 
-# THE FOLLOWING PROPERTIES FOR SINGLE ACS MUST BE IGNORED - MULTIPLE SERVICES DEFINED LATER
+# THE FOLLOWING PROPERTIES FOR SINGLE ATTRIBUTE CONSUMING SERVICE MUST BE IGNORED - MULTIPLE SERVICES DEFINED LATER
 
-# Attribute Consuming Service name when just one ACS should be declared by the SP.
-# Comment out or set to empty if no ACS should be declared, or if multiple ones should (see below). 
+# Attribute Consuming Service name when just one such service should be declared by the SP.
+# Comment out or set to empty if no Attribute Consuming Service should be declared, or if multiple ones should (see below). 
 # The service name is mandatory.
 onelogin.saml2.sp.attribute_consuming_service.name = My service
 
-# Attribute Consuming Service description when just one ACS should be declared by the SP.
+# Attribute Consuming Service description when just one such service should be declared by the SP.
 # Ignored if the previous property is commented or empty. 
 # The service description is optional.
 onelogin.saml2.sp.attribute_consuming_service.description = My service description
 
-# Language used for Attribute Consuming Service name and description when just one ACS should be declared by the SP.
+# Language used for Attribute Consuming Service name and description when just one such service should be declared by the SP.
 # Ignored if the name property is commented or empty. 
 # The language is optional and default to "en" (English).
 onelogin.saml2.sp.attribute_consuming_service.lang = en
 
-# Attributes to be included in the Attribute Consuming Service when just one ACS should be declared by the SP.
+# Attributes to be included in the Attribute Consuming Service when just one such service should be declared by the SP.
 # These are indexed properties, starting from 0. The index is used only to enumerate and sort attributes, but it's required.
 # The following properties allow to define each attribute:
 # - name: mandatory

core/src/test/resources/config/config.all_specialchars.properties

@@ -31,22 +31,22 @@ onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bi
 # Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
 onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
 
-# Attribute Consuming Service name when just one ACS should be declared by the SP.
-# Comment out or set to empty if no ACS should be declared, or if multiple ones should (see below). 
+# Attribute Consuming Service name when just one such service should be declared by the SP.
+# Comment out or set to empty if no Attribute Consuming Service should be declared, or if multiple ones should (see below). 
 # The service name is mandatory.
 onelogin.saml2.sp.attribute_consuming_service.name = My s&rvice
 
-# Attribute Consuming Service description when just one ACS should be declared by the SP.
+# Attribute Consuming Service description when just one such service should be declared by the SP.
 # Ignored if the previous property is commented or empty. 
 # The service description is optional.
 onelogin.saml2.sp.attribute_consuming_service.description = My s&rvice description
 
-# Language used for Attribute Consuming Service name and description when just one ACS should be declared by the SP.
+# Language used for Attribute Consuming Service name and description when just one such service should be declared by the SP.
 # Ignored if the name property is commented or empty. 
 # The language is optional and default to "en" (English).
 onelogin.saml2.sp.attribute_consuming_service.lang = &n
 
-# Attributes to be included in the Attribute Consuming Service when just one ACS should be declared by the SP.
+# Attributes to be included in the Attribute Consuming Service when just one such service should be declared by the SP.
 # These are indexed properties, starting from 0. The index is used only to enumerate and sort attributes, but it's required.
 # The following properties allow to define each attribute:
 # - name: mandatory
@@ -171,6 +171,15 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-
 #  'http://www.w3.org/2001/04/xmlenc#sha512'
 onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
 
+# Enable trimming of parsed Name IDs and attribute values
+# SAML specification states that no trimming for string elements should be performed, so no trimming will be
+# performed by default on extracted Name IDs and attribute values. However, some SAML implementations may add
+# undesirable surrounding whitespace when outputting XML (possibly due to formatting/pretty-printing).
+# These two options allow to optionally enable value trimming on extracted Name IDs (including issuers) and 
+# attribute values.
+onelogin.saml2.parsing.trim_name_ids = false
+onelogin.saml2.parsing.trim_attribute_values = false
+
 # Organization
 onelogin.saml2.organization.name = S&P Java 
 onelogin.saml2.organization.displayname = S&P Java "Example"

core/src/test/resources/config/config.min_multi_attribute_consuming_services.properties

@@ -10,7 +10,7 @@ onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-sa
 # URL Location where the <LogoutResponse> from the IdP will be returned or where to send the <LogoutRequest>
 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp
 
-# Attributes to be included in the Attribute Consuming Service when just one ACS should be declared by the SP.
+# Attributes to be included in the Attribute Consuming Service when just one such service should be declared by the SP.
 # These are indexed properties, starting from 0. The index is used only to enumerate and sort attributes, but it's required.
 # The following properties allow to define each attribute:
 # - name: mandatory