IdP: Returning emailAddress as NameId in SAMLResponse Assertion

Cantor, Scott cantor.2 at osu.edu
Thu Nov 21 11:18:31 EST 2013


On 11/21/13, 11:09 AM, "vyal2k" <vyal2k at yahoo.com> wrote:

>Thanks. 
>I commented out the "AttributeFilterPolicy" for "transientId"
>AttributeRule and now there is no response from IdP and i see the
>following in idp-process.log:

Commenting out something is not going to cause there to be no repsonse.

>21:34:27.889 - WARN
>[edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandle
>r:491] - No attribute of principal 'user1' can be encoded in to a
>NameIdentifier of required format
>'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
> for relying party 'https://inw00003973:8443'

Well, that's the issue then.

-- Scott




More information about the users mailing list