saml2:NameID value in clear text?

Cantor, Scott cantor.2 at
Mon Sep 29 18:00:23 EDT 2014

On 9/29/14, 3:21 PM, "XiaoXia Dong" <x-dong at> wrote:

>I already set the encryptNameIds=never in the relying-party.xml, but still
>got the encrypted value.

No, that's not encrypted.

>What the vendor is asking for:
><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
>                          >nustaff1</saml2:NameID>

That would be incorrect, that's not a transient ID. You should not send
that. If they want some other format, they need to identify the format
they want, and then you have to support it. If they don't care, then it
depends on what kind of identifier they need as to what Format should be
used to make the configuration general.

>Is this doable? If yes, can someone point me to the right direction what
>other changes are needed?

-- Scott
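
Added example, not part of the original message or of the Shibboleth code base: a small check that tells an opaque but unencrypted saml2:NameID apart from an identifier that really is encrypted, which SAML 2.0 carries as a saml2:EncryptedID wrapping xenc:EncryptedData. The sample Subject elements, the handle value and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# SAML core: when Format is omitted, "unspecified" is in effect.
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def describe_subject_id(subject_xml):
    """Classify the identifier inside a saml2:Subject element."""
    # Constructed input only; use a hardened parser (e.g. defusedxml)
    # for XML that comes from an untrusted party.
    subject = ET.fromstring(subject_xml)
    enc = subject.find(f"{{{SAML2}}}EncryptedID")
    if enc is not None:
        # Encryption is visible in the element name, not in the value.
        has_data = enc.find(f"{{{XENC}}}EncryptedData") is not None
        return {"encrypted": True, "has_encrypted_data": has_data}
    name_id = subject.find(f"{{{SAML2}}}NameID")
    if name_id is None:
        return None
    return {
        "encrypted": False,
        "format": name_id.get("Format", UNSPECIFIED),
        "value": (name_id.text or "").strip(),
    }

# Constructed sample: a transient NameID. The value is opaque, but it is
# plain element text, so encryptNameIds=never has nothing to turn off.
PLAIN = f"""<saml2:Subject xmlns:saml2="{SAML2}">
  <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
      >_constructed-opaque-handle-0001</saml2:NameID>
</saml2:Subject>"""

# Constructed sample: what an encrypted identifier looks like on the wire.
ENCRYPTED = f"""<saml2:Subject xmlns:saml2="{SAML2}" xmlns:xenc="{XENC}">
  <saml2:EncryptedID>
    <xenc:EncryptedData>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </saml2:EncryptedID>
</saml2:Subject>"""

if __name__ == "__main__":
    print(describe_subject_id(PLAIN))
    print(describe_subject_id(ENCRYPTED))
```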
