SAML 2.0 Requirements for Service Providers - AuthnRequest
The following tables outline the supported SAML 2.0 elements required for service providers using the Cloud Access Service (CAS) as an IdP to manage authentication. Provide this information to your application administrators.
AuthnRequest
<AuthnRequest> Attribute or Element | Status and Supported Values |
|---|---|
ID | Required |
Version | Required. Value: 2.0 |
IssueInstant | Required |
Destination | Optional |
Consent | Not supported. Ignored. |
ForceAuthn | Optional. Default value: false |
IsPassive | Optional. Default value: false |
ProtocolBinding | Optional. Values: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
AssertionConsumerServiceIndex | Supported. |
AssertionConsumerServiceURL | Optional |
AttributeConsumingServiceIndex | Not supported. Do not include. |
ProviderName | Not supported. Ignored. |
<saml:Issuer> | Required |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
<ds:Signature> | Optional |
<samlp:Extensions> | Not supported. Do not include. |
<saml:Subject> | |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| Not supported. Do not include. |
| Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
SPProvidedID | Not supported. Do not include. |
| <samlp:NameIDPolicy> | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient |
Format | Optional. Values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Not supported. Must be omitted. |
AllowCreate | Not supported. Do not include. |
<saml:Conditions> | Optional |
NotBefore | Optional |
NotOnOrAfter | Optional |
| Not supported. Do not include. |
| <samlp:RequestedAuthnContext> | Optional. In a future release, RSA will require all requests that use this attribute to be signed. |
Comparison | Optional. Value: exact |
| Required. Only a single entry is supported. Allowed values:
Example
<saml2p:RequestedAuthnContext>
</saml2p:RequestedAuthnContext>
For additional examples, see SAML 2.0 Requirements for Service Providers - AuthnRequest. |
<saml:AuthnContextDeclRef> | Not supported. |
| samlp:Scoping | Not supported. Do not include. |
For more information, see the following topics: