Setting "Format" attribute in NameIDPolicy of AuthnRequest.

Kevin Foote kpfoote at
Wed May 14 18:36:43 EDT 2014

On May 14, 2014, at 3:22 PM, Emilio Penna <emilio.penna at> wrote:

> Hello, I'm starting with Shibboleth SP (version 2.5.3). Shibboleth SP is
> generating AuthnRequest with
> <samlp:NameIDPolicy AllowCreate="1" />
> It works, and the IdP responds with a persistent identifier, but I need
> the emailAddress as NameID…

As an SP you can request a NameID type but you can not guarantee that the IdP will 
give it to you. 

At the IdP the attributes for the principal are encoded into the different formats. You 
(SP) don’t have any control (for the most part) of what the IdP is selecting as the NameID.


More information about the users mailing list