Setting "Format" attribute in NameIDPolicy of AuthnRequest.

Emilio Penna emilio.penna at
Wed May 14 18:55:50 EDT 2014

Kevin, Tom, thanks for the responses.

In my scenario, the IdP can give the NameID with "emailAddress" format,
(I can obtain it if I make the AuthnRequest "by hand" with opensaml)

What I need is a way to configure shibboleth SP to add the "Format"


El 14/05/2014 07:40 p.m., Tom Scavo escribió:
> On Wed, May 14, 2014 at 6:36 PM, Kevin Foote <kpfoote at> wrote:
>> On May 14, 2014, at 3:22 PM, Emilio Penna <emilio.penna at> wrote:
>>> Hello, I'm starting with Shibboleth SP (version 2.5.3). Shibboleth SP is
>>> generating AuthnRequest with
>>> <samlp:NameIDPolicy AllowCreate="1" />
>>> It works, and the IdP responds with a persistent identifier, but I need
>>> the emailAddress as NameID…
>> As an SP you can request a NameID type but you can not guarantee that the IdP will
>> give it to you.
> I don't think so. The SAML spec is pretty clear on that. It's a MUST in fact.
> Tom
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list