where is transientId in SAML assertion

Kevin Foote kpfoote at uoregon.edu
Wed Sep 24 19:22:56 EDT 2014

On Sep 24, 2014, at 2:53 PM, David Bantz <dabantz at alaska.edu> wrote:

> A different vendor is unable to properly interpret the SAML assertion from my IdP,
> and I haven’t been able to fathom why not, but notice that despite parallel
> debug log entries that transientId will be used to construct NameID, a corresponding
> NameID is not in the Subject.  Instead there’s an EncryptedID.


Check your relying-party.xml for the ProfileConfiguration of the profile you are using, presumably SAML2SSOProfile 
Is this set?  encryptNameIds=“conditional” 
And what is their end asking for? 


More information about the users mailing list