The <RelyingParty> element allows the SP to customize its behavior when it interacts with particular identity providers or groups of providers. By default, many properties are set globally for an application. This element allows them to be overridden, and individual options can be selectively overridden within the <RelyingParty> element.

Selection of an element can be name-based or, in V2.5 and above, can rely on an extensible matching mechanism called an EntityMatcher.

If the Name attribute is present, then the matching process starts with the IdP's entityID and proceeds upwards through the IdP's metadata, matching against the names of any <EntitiesDescriptor> groups that are found. The most specific match wins.

If the Name attribute is not present, then a type attribute must be used to indicate the type of EntityMatcher to apply, and other content will be required based on the type of matcher to specify how to match.

Prior to V2.5, only the Name matching option is supported.


  • Name (string)
    • For name-based matching, this is the value used to match against the IdP's entityID or parent group names. As of V2.5, this attribute is optional and can be omitted in favor of a type attribute.
  • type (string) (Version 2.5 and Above)
    • For extensible matching, specifies the type of EntityMatcher to use. Refer to the associated documentation for additional required content.
  • entityID (URI)
    • Overrides the unique identifier used by the SP to identify itself when communicating with matching relying parties. Normally an SP should be able to use a single name in all its dealings, but this can provide some help when dealing with externally imposed limitations.
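
The name-based selection rule described above (IdP entityID first, then parent <EntitiesDescriptor> group names, most specific match wins), modelled in Python as an added example; this is not Shibboleth SP code. The metadata, the override table, and every name and URL in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample metadata: one IdP nested in two named groups, one in the outer group only.
METADATA = """
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:example:federation">
  <EntitiesDescriptor Name="urn:example:federation:research">
    <EntityDescriptor entityID="https://idp.example.org/idp"/>
  </EntitiesDescriptor>
  <EntityDescriptor entityID="https://idp.example.net/idp"/>
</EntitiesDescriptor>
"""

# Constructed stand-in for <RelyingParty Name="..." entityID="..."/> overrides:
# Name -> entityID the SP presents to matching IdPs.
OVERRIDES = {
    "urn:example:federation": "https://sp.example.com/federation",
    "urn:example:federation:research": "https://sp.example.com/research",
    "https://idp.example.net/idp": "https://sp.example.com/special",
}
DEFAULT_SP_ENTITY_ID = "https://sp.example.com/shibboleth"  # application-wide value


def candidate_names(metadata_xml, idp_entity_id):
    """IdP entityID followed by its parent group Names, innermost group first."""
    def walk(node, groups):
        if node.tag == MD + "EntityDescriptor":
            return [idp_entity_id] + groups if node.get("entityID") == idp_entity_id else None
        if node.tag == MD + "EntitiesDescriptor":
            name = node.get("Name")
            inner = ([name] if name else []) + groups
            for child in node:
                found = walk(child, inner)
                if found is not None:
                    return found
        return None
    # Assumption: an IdP absent from the metadata can still match on entityID alone.
    return walk(ET.fromstring(metadata_xml), []) or [idp_entity_id]


def effective_sp_entity_id(metadata_xml, idp_entity_id):
    """First (most specific) candidate with an override wins; otherwise the default."""
    for name in candidate_names(metadata_xml, idp_entity_id):
        if name in OVERRIDES:
            return OVERRIDES[name]
    return DEFAULT_SP_ENTITY_ID
```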