SAML 2.0 Requirements for Service Providers - AuthnRequest
The following tables outline the supported SAML 2.0 elements required for service providers using the Cloud Access Service (CAS) as an IdP to manage authentication. Provide this information to your application administrators.
AuthnRequest
<AuthRequest> Attribute or Element | Status and Supported Values |
|---|---|
ID | Required |
Version | Required Value: 2.0 |
IssueInstant | Required |
Destination | Optional |
Consent | Not supported. Ignored. |
ForceAuthn | Optional Default value: false |
IsPassive | Optional Default value: false |
ProtocolBinding | Optional
Values: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
AssertionConsumerServiceIndex | Supported. |
AssertionConsumerServiceURL | Optional |
AttributeConsumingServiceIndex | Not supported. Do not include. |
ProviderName | Not supported. Ignored. |
<saml:Issuer> | Required |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
<ds:Signature> | Optional |
<samlp:Extensions> | Not supported. Do not include. |
<saml:Subject> |
|
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| Not supported. Do not include. |
| Optional Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| <samlp:NameIDPolicy> | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Not supported. Must be omitted. |
AllowCreate | Not supported. Do not include. |
<saml:Conditions> | Optional |
NotBefore | Optional |
NotOnOrAfter | Optional |
| Not supported. Do not include. |
| <samlp:RequestedAuthnContext> | Optional In a future release, RSA will require all requests that use this attribute to be signed. |
Comparison | Optional Value: exact |
| Required. Only a single entry is supported. Allowed values:
Example
<saml2p:RequestedAuthnContext>
</saml2p:RequestedAuthnContext>
For additional examples, see SAML 2.0 Requirements for Service Providers - AuthnRequest. |
<saml:AuthnContextDeclRef> | Not supported. |
| samlp:Scoping | Not supported. Do not include. |
For more information, see the following topics:
Related Articles
SAML 2.0 Requirements for Service Providers - Metadata Number of Views SAML 2.0 Requirements for Service Providers Number of Views Identity Router DNS Requirements Number of Views SAML 2.0 Requirements for Service Providers - Supported RequestedAuthnContext Examples Number of Views RSA SecurID Authenticator 4.1 for iOS and Android Quick Start Guide (Italian) Number of Views
Trending Articles
Troubleshooting AFX Server issues in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Troubleshooting RSA MFA Agent for Microsoft Windows
