SAML 2.0 Requirements for Service Providers - AuthnRequest
The following tables outline the supported SAML 2.0 elements required for service providers using the Cloud Access Service (CAS) as an IdP to manage authentication. Provide this information to your application administrators.
AuthnRequest
<AuthnRequest> Attribute or Element | Status and Supported Values |
|---|---|
ID | Required |
Version | Required. Value: 2.0 |
IssueInstant | Required |
Destination | Optional |
Consent | Not supported. Ignored. |
ForceAuthn | Optional. Default value: false |
IsPassive | Optional. Default value: false |
ProtocolBinding | Optional. Values: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
AssertionConsumerServiceIndex | Supported. |
AssertionConsumerServiceURL | Optional |
AttributeConsumingServiceIndex | Not supported. Do not include. |
ProviderName | Not supported. Ignored. |
<saml:Issuer> | Required |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
<ds:Signature> | Optional |
<samlp:Extensions> | Not supported. Do not include. |
<saml:Subject> |
|
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| Not supported. Do not include. |
| Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| <samlp:NameIDPolicy> | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Not supported. Must be omitted. |
AllowCreate | Not supported. Do not include. |
<saml:Conditions> | Optional |
NotBefore | Optional |
NotOnOrAfter | Optional |
| Not supported. Do not include. |
| <samlp:RequestedAuthnContext> | Optional. In a future release, RSA will require all requests that use this attribute to be signed. |
Comparison | Optional. Value: exact |
| Required. Only a single entry is supported. Allowed values:
Example
<saml2p:RequestedAuthnContext>
</saml2p:RequestedAuthnContext>
For additional examples, see SAML 2.0 Requirements for Service Providers - AuthnRequest. |
<saml:AuthnContextDeclRef> | Not supported. |
| samlp:Scoping | Not supported. Do not include. |
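The table's named rows can be turned into a pre-flight check that a service provider runs on its own outgoing requests. The following Python is an added example, not RSA's code; the function name `check_authn_request`, the sample entity ID and the timestamps are assumptions, and only rows whose attribute or element name appears in the table are checked.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"}
# Rows the table marks "Not supported. Do not include."
FORBIDDEN_ATTRS = ("AttributeConsumingServiceIndex",)
FORBIDDEN_CHILDREN = ("Extensions", "Scoping")

def check_authn_request(xml_text):
    """Return findings; an empty list means the request fits the table."""
    # Assumes the SP's own request; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return ["root element is not samlp:AuthnRequest"]
    findings = []
    for attr in ("ID", "Version", "IssueInstant"):
        if not root.get(attr):
            findings.append(f"missing required attribute {attr}")
    if root.get("Version") and root.get("Version") != "2.0":
        findings.append("Version must be 2.0")
    binding = root.get("ProtocolBinding")
    if binding is not None and binding not in BINDINGS:
        findings.append(f"unsupported ProtocolBinding {binding}")
    for attr in FORBIDDEN_ATTRS:
        if attr in root.attrib:
            findings.append(f"{attr} must not be included")
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        findings.append("missing required saml:Issuer")
    for name in FORBIDDEN_CHILDREN:
        if root.find(f"{{{SAMLP}}}{name}") is not None:
            findings.append(f"samlp:{name} must not be included")
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is not None and rac.get("Comparison", "exact") != "exact":
        findings.append("RequestedAuthnContext Comparison must be exact")
    return findings

# Constructed samples; the entity ID and timestamps are placeholders.
HEAD = f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
GOOD = (HEAD + 'ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        '<saml:Issuer>https://sp.example.com</saml:Issuer>'
        '</samlp:AuthnRequest>')
BAD = (HEAD + 'ID="_b2" Version="1.1" AttributeConsumingServiceIndex="0">'
       '<samlp:RequestedAuthnContext Comparison="minimum"/>'
       '<samlp:Scoping/></samlp:AuthnRequest>')
if __name__ == "__main__":
    print(check_authn_request(GOOD), check_authn_request(BAD))
```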