Hi,
I don't know. Reading specs of SAML is not the best way but you can find everything there.
Honestly, I wouldn't be worried too much about defaults. SAML is a complex protocol and complexity in security is not a good thing. So sticking to default values provided some smart people is a good idea. Fiddling with settings without deep understanding can have severe consequences. Crypto is exceptionally good example.
Cheers