SAML 2.0 Requirements for Service Providers - Metadata
The following tables outline the supported SAML 2.0 elements required for service providers using Cloud Access Service (CAS) as an IdP to manage authentication. Provide this information to your application administrators.
SP Metadata
| <md:EntityDescriptor> Attribute or Element | Status and Supported Values |
|---|---|
| ID | Optional |
| entityID | Required |
| validUntil | Optional |
| cacheDuration | Not supported. Ignored. |
| <ds:Signature> | Not supported. Ignored. |
| <md:Extensions> | Not supported. Ignored. |
| <md:SPSSODescriptor> | Optional |
| ID | Optional |
| validUntil | Optional |
| cacheDuration | Not supported. Ignored. |
| protocolSupportEnumeration | Not supported. Ignored. |
| errorURL | Not supported. Ignored. |
| AuthnRequestsSigned | Optional Value: true/false |
| WantAssertionsSigned | Optional Value: true/false |
| <ds:Signature> | Not supported. Ignored. |
| <md:Extensions> | Not supported. Ignored. |
| <md:KeyDescriptor> | Optional |
| <md:KeyTypes> | Required Value: signing |
| <ds:KeyInfo> | Required |
| <ds:KeyName> | Required |
| <ds:X509Data> | Required Values: <ds:X509SubjectName> <ds:X509Certificate> |
| <md:EncryptionMethod> | Not supported. Ignored. |
| <md:Organization> | Not supported. Ignored. |
| <md:ContactPerson> | Not supported. Ignored. |
| <md:ArtifactResolutionService> | Not supported. Ignored. |
| <md:SingleLogoutService> | Not supported. Ignored. |
| <md:ManageNameIDService> | Not supported. Ignored. |
| <md:NameIDFormat> | Not supported. Ignored. |
| <md:AssertionConsumerService> | Optional |
| Binding | Optional |
| Location | Optional |
| ResponseLocation | Optional |
| index | Not supported. Ignored. |
| isDefault | Optional Value: true |
| <md:AttributeConsumingService> | Not supported. Ignored. |
| <md:RequestedAttribute> | Not supported. Ignored. |
| <md:Organization> | Not supported. Ignored. |
| <md:ContactPerson> | Not supported. Ignored. |
| <md:AdditionalMetadataLocation> | Not supported. Ignored. |
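
The SP table above can be applied as a pre-upload check on an SP metadata file. The following is an added example, not RSA code: `lint_sp_metadata` and the sample document are hypothetical, and it assumes `<ds:KeyName>` and `<ds:X509Data>` sit under `<ds:KeyInfo>` inside `<md:KeyDescriptor>`, as in standard SAML metadata. It reports missing required items as errors and items CAS ignores (such as a metadata signature or a logout endpoint) as warnings.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
NS = {"ds": DS[1:-1]}
# Elements and attributes the SP table marks "Not supported. Ignored."
IGNORED_ELEMENTS = {DS + "Signature"} | {MD + n for n in (
    "Extensions", "EncryptionMethod", "Organization", "ContactPerson",
    "ArtifactResolutionService", "SingleLogoutService", "ManageNameIDService",
    "NameIDFormat", "AttributeConsumingService", "RequestedAttribute",
    "AdditionalMetadataLocation")}
IGNORED_ATTRS = {"cacheDuration", "protocolSupportEnumeration", "errorURL"}

def lint_sp_metadata(xml_text):
    """Return (errors, warnings) for SP metadata checked against the SP table."""
    root = ET.fromstring(xml_text)  # for linting your own file, not untrusted XML
    errors, warnings = [], []
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"], warnings
    if not root.get("entityID"):
        errors.append("entityID is required")
    for el in root.iter():
        name = el.tag.split("}")[-1]
        if el.tag in IGNORED_ELEMENTS:
            warnings.append(f"{name} is ignored")
        ignored = {a for a in el.attrib if a in IGNORED_ATTRS}
        if el.tag == MD + "AssertionConsumerService" and "index" in el.attrib:
            ignored.add("index")
        warnings += [f"{name}@{a} is ignored" for a in sorted(ignored)]
        if el.tag == MD + "KeyDescriptor":  # KeyInfo, KeyName, X509Data required
            for path in ("ds:KeyInfo", "ds:KeyInfo/ds:KeyName", "ds:KeyInfo/ds:X509Data"):
                if el.find(path, NS) is None:
                    errors.append(f"KeyDescriptor is missing {path}")
    return errors, warnings

# Constructed sample: no ds:KeyName, plus three items CAS ignores.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.com/saml">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </md:KeyDescriptor>
  <md:SingleLogoutService Location="https://sp.example.com/slo"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <md:AssertionConsumerService Location="https://sp.example.com/acs" index="0"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" isDefault="true"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    print(lint_sp_metadata(SAMPLE))
```
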
IdP Metadata
| <md:EntityDescriptor> Attribute or Element | Status and Supported Values |
|---|---|
| ID | Provided |
| entityID | Provided |
| validUntil | Not provided |
| cacheDuration | Not provided |
| <ds:Signature> | Provided |
| <md:Extensions> | Not provided |
| <md:IDPSSODescriptor> | Provided |
| ID | Optional |
| validUntil | Not provided |
| cacheDuration | Not provided |
| protocolSupportEnumeration | Provided Value: urn:oasis:names:tc:SAML:2.0:protocol |
| errorURL | Not provided |
| WantAuthnRequestsSigned | Provided Value: true/false |
| <ds:Signature> | Not provided |
| <md:Extensions> | Not provided |
| <md:KeyDescriptor> | Provided |
| use | Provided Value: signing |
| <ds:KeyInfo> | Provided |
| <ds:KeyName> | Provided |
| <ds:X509Data> | Provided Values: <ds:X509SubjectName> <ds:X509Certificate> |
| <md:EncryptionMethod> | Not provided |
| <md:Organization> | May be provided |
| <md:OrganizationName> | May be provided |
| <md:OrganizationDisplayName> | May be provided |
| <md:OrganizationURL> | May be provided |
| <md:Extensions> | Not provided |
| <md:ContactPerson> | May be provided |
| contactType | Provided Value: Other |
| <md:Company> | Not provided |
| <md:GivenName> | May be provided |
| <md:SurName> | May be provided |
| <md:EmailAddress> | May be provided |
| <md:TelephoneNumber> | May be provided |
| <md:Extensions> | Not provided |
| <md:ArtifactResolutionService> | Not provided |
| <md:SingleLogoutService> | Provided |
| Binding | Provided Values: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
| Location | Provided |
| ResponseLocation | Not provided |
| <md:ManageNameIDService> | Not provided |
| <md:NameIDFormat> | Not supported. Ignored. |
| <md:AssertionConsumerService> | Not provided |
| <md:AttributeConsumingService> | Not provided |
| <md:RequestedAttribute> | Not provided |
| <md:Organization> | Not provided |
| <md:ContactPerson> | Not provided |
| <md:AdditionalMetadataLocation> | Not provided |