...
- Metadata Consumption
- refresh metadata daily
- verify the XML signature
- check the expiration date
- X.509 Certificates in Metadata
- use of self-signed certificates with 2048-bit keys
- no unexpired certificates in metadata
- User Interface Elements for SPs and IdPs
- Requested Attributes for SPs
- SAML 2.0 Support
- IdPs with TLS-protected HTTP-Redirect SSO
- SPs that support SAML 2.0 should indicate so in metadata
- SPs with TLS-protected HTTP-POST ACS and an encryption key
- SAML 1.1 Support
- SPs with TLS-protected HTTP-POST ACS
...