Setting "Format" attribute in NameIDPolicy of AuthnRequest.
Kevin Foote
kpfoote at uoregon.edu
Wed May 14 18:36:43 EDT 2014
On May 14, 2014, at 3:22 PM, Emilio Penna <emilio.penna at seciu.edu.uy> wrote:
> Hello, I'm starting with Shibboleth SP (version 2.5.3). Shibboleth SP is
> generating AuthnRequest with
>
> <samlp:NameIDPolicy AllowCreate="1" />
>
> It works, and the IdP responds with a persistent identifier, but I need
> the emailAddress as NameID…
As an SP you can request a NameID type but you can not guarantee that the IdP will
give it to you.
At the IdP the attributes for the principal are encoded into the different formats. You
(SP) don’t have any control (for the most part) of what the IdP is selecting as the NameID.
--------
thanks
kevin.foote
More information about the users
mailing list