SAML 2.0 Requirements for Service Providers - AuthnRequest
The following tables outline the supported SAML 2.0 elements required for service providers using the Cloud Access Service (CAS) as an IdP to manage authentication. Provide this information to your application administrators.
AuthnRequest
<AuthRequest> Attribute or Element | Status and Supported Values |
|---|---|
ID | Required |
Version | Required Value: 2.0 |
IssueInstant | Required |
Destination | Optional |
Consent | Not supported. Ignored. |
ForceAuthn | Optional Default value: false |
IsPassive | Optional Default value: false |
ProtocolBinding | Optional
Values: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
AssertionConsumerServiceIndex | Supported. |
AssertionConsumerServiceURL | Optional |
AttributeConsumingServiceIndex | Not supported. Do not include. |
ProviderName | Not supported. Ignored. |
<saml:Issuer> | Required |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
<ds:Signature> | Optional |
<samlp:Extensions> | Not supported. Do not include. |
<saml:Subject> |
|
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| Not supported. Do not include. |
| Optional Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| <samlp:NameIDPolicy> | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Not supported. Must be omitted. |
AllowCreate | Not supported. Do not include. |
<saml:Conditions> | Optional |
NotBefore | Optional |
NotOnOrAfter | Optional |
| Not supported. Do not include. |
| <samlp:RequestedAuthnContext> | Optional In a future release, RSA will require all requests that use this attribute to be signed. |
Comparison | Optional Value: exact |
| Required. Only a single entry is supported. Allowed values:
Example
<saml2p:RequestedAuthnContext>
</saml2p:RequestedAuthnContext>
For additional examples, see SAML 2.0 Requirements for Service Providers - AuthnRequest. |
<saml:AuthnContextDeclRef> | Not supported. |
| samlp:Scoping | Not supported. Do not include. |
For more information, see the following topics:
Related Articles
SAML 2.0 Requirements for Service Providers Number of Views Set Requirements for Security Questions Number of Views SAML 2.0 Requirements for Service Providers - Metadata Number of Views SAML 2.0 Requirements for Service Providers - Response and Assertion Number of Views SAML 2.0 Requirements for Service Providers - Supported RequestedAuthnContext Examples Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Release Notes for RSA Authentication Manager 8.8 Deploying RSA Authenticator 6.2.2 for Windows Using DISM
