SAML 2.0 Requirements for Service Providers - AuthnRequest
The following tables outline the supported SAML 2.0 elements required for service providers using the Cloud Access Service (CAS) as an IdP to manage authentication. Provide this information to your application administrators.
AuthnRequest
<AuthnRequest> Attribute or Element | Status and Supported Values |
|---|---|
ID | Required |
Version | Required. Value: 2.0 |
IssueInstant | Required |
Destination | Optional |
Consent | Not supported. Ignored. |
ForceAuthn | Optional. Default value: false |
IsPassive | Optional. Default value: false |
ProtocolBinding | Optional. Values: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
AssertionConsumerServiceIndex | Supported. |
AssertionConsumerServiceURL | Optional |
AttributeConsumingServiceIndex | Not supported. Do not include. |
ProviderName | Not supported. Ignored. |
<saml:Issuer> | Required |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
<ds:Signature> | Optional |
<samlp:Extensions> | Not supported. Do not include. |
<saml:Subject> | |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| Not supported. Do not include. |
| Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:2.0:nameid-format:entity, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| <samlp:NameIDPolicy> | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:2.0:nameid-format:entity, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Not supported. Must be omitted. |
AllowCreate | Not supported. Do not include. |
<saml:Conditions> | Optional |
NotBefore | Optional |
NotOnOrAfter | Optional |
| Not supported. Do not include. |
| <samlp:RequestedAuthnContext> | Optional. In a future release, RSA will require all requests that use this attribute to be signed. |
Comparison | Optional. Value: exact |
| Required. Only a single entry is supported. Allowed values:
Example
<saml2p:RequestedAuthnContext>
</saml2p:RequestedAuthnContext>
For additional examples, see SAML 2.0 Requirements for Service Providers - AuthnRequest. |
<saml:AuthnContextDeclRef> | Not supported. |
| <samlp:Scoping> | Not supported. Do not include. |
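
A lint for requests your own SP generates, checking the unambiguous rows of the table above before you send them to the IdP. This is an added example, not RSA's code; the function name, the messages and the sample request (issuer URL, ID) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
B = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-"
BINDINGS = {B + "Redirect", B + "POST"}

def lint_authn_request(xml_text):
    """Return (errors, warnings) for an AuthnRequest generated by your own SP."""
    errors, warnings = [], []
    root = ET.fromstring(xml_text)  # lint your SP's output; not a parser for untrusted XML
    if root.tag != P + "AuthnRequest":
        return ["root element is not samlp:AuthnRequest"], warnings
    for attr in ("ID", "Version", "IssueInstant"):  # rows marked Required
        if not root.get(attr):
            errors.append(f"{attr} is required")
    if root.get("Version") not in (None, "", "2.0"):
        errors.append("Version must be 2.0")
    if root.find(A + "Issuer") is None:
        errors.append("saml:Issuer is required")
    binding = root.get("ProtocolBinding")
    if binding is not None and binding not in BINDINGS:
        errors.append("ProtocolBinding must be HTTP-Redirect or HTTP-POST")
    if root.get("AttributeConsumingServiceIndex") is not None:
        errors.append("AttributeConsumingServiceIndex must not be included")
    for attr in ("Consent", "ProviderName"):  # accepted but ignored by the IdP
        if root.get(attr) is not None:
            warnings.append(f"{attr} is ignored")
    for child in ("Extensions", "Scoping"):
        if root.find(P + child) is not None:
            errors.append(f"samlp:{child} must not be included")
    for el in root.iter():  # attributes the table lists as "Do not include"
        for attr in ("SPProvidedID", "AllowCreate"):
            if el.get(attr) is not None:
                errors.append(f"{attr} must not be included")
    rac = root.find(P + "RequestedAuthnContext")
    if rac is not None:
        if rac.get("Comparison", "exact") != "exact":
            errors.append("RequestedAuthnContext Comparison must be exact")
        if root.find(DS + "Signature") is None:  # Redirect binding signs in the URL instead
            warnings.append("RequestedAuthnContext present but request XML is unsigned")
    return errors, warnings

# Constructed sample with deliberate mistakes; issuer URL and ID are placeholders.
SAMPLE_BAD = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="1.1"
    ProviderName="Example SP" AttributeConsumingServiceIndex="0">
  <saml:Issuer>https://sp.example.com/metadata</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"/><samlp:RequestedAuthnContext Comparison="minimum"/>
</samlp:AuthnRequest>"""
```

Call `lint_authn_request(SAMPLE_BAD)` to see the findings; rows whose element name is missing from the table are not checked.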