saml2:NameID value in clear text?

Qian, Yi yqian at
Tue Sep 30 10:13:32 EDT 2014

What you released is a transient id; you need to make 2 changes:
1. block transient id release
2. define some type of name id using the uid from your LDAP, then release it

From: users-bounces at [users-bounces at] on behalf of XiaoXia Dong [x-dong at]
Sent: Monday, September 29, 2014 2:21 PM
To: Shib Users
Subject: saml2:NameID value in clear text?


We have a vendor which is asking to set the value of a saml2:NameID to be clear text, rather than encrypted. I already set encryptNameIds=never in the relying-party.xml, but still got the encrypted value.

Here is an example of what I have now and what the vendor is asking for:

What we are passing:

<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

What the vendor is asking for:

<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

Is this doable? If yes, can someone point me in the right direction as to what other changes are needed?

Thanks in advance for your help.
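
The two changes described in the reply, sketched as an added example (not part of the original thread and not the Shibboleth project's own files). It assumes IdP 2.x configuration syntax, the stock `transientId` attribute definition and an LDAP data connector with id `myLDAP`; the `vendorNameID` id, the vendor entityID and the chosen `nameFormat` are hypothetical placeholders.

```xml
<!-- attribute-resolver.xml: define a NameID that carries the LDAP uid (change 2). -->
<!-- "vendorNameID" is a hypothetical id; "myLDAP" is the assumed LDAP connector id. -->
<resolver:AttributeDefinition id="vendorNameID" xsi:type="ad:Simple"
                              sourceAttributeID="uid">
    <resolver:Dependency ref="myLDAP" />
    <!-- nameFormat is an assumption: use the format the vendor's metadata asks for. -->
    <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
        nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
</resolver:AttributeDefinition>

<!-- attribute-filter.xml: scope both rules to the one vendor SP. -->
<!-- The requester value below is a constructed placeholder entityID. -->
<afp:AttributeFilterPolicy id="vendorNameIDPolicy">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://sp.vendor.example/shibboleth" />
    <!-- Change 1: stop the transient id from being released to this SP. -->
    <afp:AttributeRule attributeID="transientId">
        <afp:DenyValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <!-- Change 2: release the uid-based NameID instead. -->
    <afp:AttributeRule attributeID="vendorNameID">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
```

Scoping the policy to a single requester keeps the uid, which is a stable and correlatable identifier, from reaching other relying parties that continue to receive the transient id.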
