Starting with version 2.2.0, the AssertionConsumerServiceURL in the SAML-request can be derived from the URL the initial request was made to. This allows using SSO in systems which are accessed through different base URLs.

Please be aware of these limitations:

To enable this, check Use base URL from request in the IdP-configuration.

Example:

A JIRA-instance with the configured base-URL https://jira.internal.example.com is also available at https://jira.external.example.com. A SAML-Request usually looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
  xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  AssertionConsumerServiceURL="https://jira.internal.example.com/plugins/servlet/samlsso"
  Destination="https://someidp.example.com"
  ID="_b655e6b787907cb93fb98344e0560c3f"
  IssueInstant="2018-05-07T08:45:24.563Z"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  Version="2.0">
 [...]  
</saml2p:AuthnRequest>

If you enable Use base URL from request in the IdP-configuration and access the system via https://jira.external.example.com, it will look like this:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
  xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  AssertionConsumerServiceURL="https://jira.external.example.com/plugins/servlet/samlsso"
  Destination="https://someidp.example.com"
  ID="_b655e6b787907cb93fb98344e0560c3f"
  IssueInstant="2018-05-07T08:45:24.563Z"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  Version="2.0">
 [...]  
</saml2p:AuthnRequest>
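
Because the AssertionConsumerServiceURL now follows the URL the request was made to, it is worth checking captured AuthnRequests against the base URLs you actually operate. The following is an added example, not code from the plugin or the original page; the allowlist, the function names and the sample requests (constructed from the examples above) are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ACS_PATH = "/plugins/servlet/samlsso"  # path as shown in the page's examples
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"

# Assumption: the base URLs under which this instance is legitimately reachable.
ALLOWED_BASE_URLS = {
    "https://jira.internal.example.com",
    "https://jira.external.example.com",
}

def _origin(url):
    """Return (scheme, host, port) with the default port made explicit."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

ALLOWED_ORIGINS = {_origin(u) for u in ALLOWED_BASE_URLS}

def sample_request(acs_url):
    """Constructed AuthnRequest carrying the given ACS URL (test data only)."""
    return (f'<saml2p:AuthnRequest xmlns:saml2p="{SAML2P}" '
            f'AssertionConsumerServiceURL="{acs_url}" '
            'Destination="https://someidp.example.com" Version="2.0"/>')

def acs_url_of(authn_request_xml):
    """Extract AssertionConsumerServiceURL from an AuthnRequest document."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAML2P}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.get("AssertionConsumerServiceURL")

def acs_url_is_expected(authn_request_xml):
    """True only if the ACS URL is https, on an allowed origin, at ACS_PATH."""
    acs = acs_url_of(authn_request_xml)
    if not acs:
        return False
    parts = urlsplit(acs)
    return (parts.scheme == "https"
            and parts.username is None          # no userinfo tricks
            and _origin(acs) in ALLOWED_ORIGINS  # exact host match, no suffixes
            and parts.path == ACS_PATH
            and not parts.query and not parts.fragment)

if __name__ == "__main__":
    for base in ("https://jira.external.example.com",
                 "https://jira.external.example.com.other.example"):
        print(base, acs_url_is_expected(sample_request(base + ACS_PATH)))
```
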