Persistent Assertion/Subject/NameID from LDAP Attribute

Cantor, Scott cantor.2 at
Fri Aug 10 10:37:31 EDT 2012

On 8/10/12 12:05 AM, "Henry B. Hotz" <hotz at> wrote:
>If that's what's wanted by a specific SP, shouldn't the <NameIDFormat>
>metadata make it unnecessary to put a preference in the RelyingParty?

I believe the IdP does look at that, yes. No other implementations of SAML
will, FWIW.

>Just asking.  Everything's working now, but I need to clean things up a

The preference rule in relying-party.xml was added to make it cleaner to
unilaterally control the format used without having to use odd-looking
filter policies. Normally you don't control the SP's metadata so
manipulating that isn't the approach generally used.

-- Scott
