Name Identifier attribute release

Cantor, Scott cantor.2 at osu.edu
Wed Aug 19 10:51:57 EDT 2015


On 8/19/15, 10:46 AM, "users on behalf of Michael Dahlberg" <users-bounces at shibboleth.net on behalf of olgamirth at gmail.com> wrote:


>
>One last question: Is it fairly common to release an arbitrary attribute to an SP in the SAML2 Subject?  I'm working with a number of SPs and this is the first one that required the attribute released in the Subject.

It's extremely common when the SP isn't Shibboleth or the application is a cloud service, most of whom have the SAML expertise of my cat. It's fairly rare otherwise.

What is not common is any of them doing it correctly. Most of them will claim to use the "unspecified" Format, which is akin to saying nothing, and makes effective configuration impossible (how do you cleanly configure the right value for each SP when every one of them claims to want the same Format but different values?).

Most of them won't actually care or look at what the Format is, and fundamentally they all refuse to understand that just because standardization and appropriate naming don't really matter when there are only two parties, it matters a lot when each party has to work with hundreds of others at the same time.

-- Scott
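
The configuration problem described in the message above, as an added example that is not part of the original post or of Shibboleth: it reads SAML metadata and lists the SPs whose declared NameIDFormat gives an IdP nothing to select a value by. The entityIDs and sample metadata are constructed, and treating an SP that declares no Format the same as one that declares only "unspecified" is this example's assumption.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def _sp(entity_id, *formats):
    """Build one constructed SP EntityDescriptor (hypothetical entityIDs)."""
    fmts = "".join(f"<md:NameIDFormat>{f}</md:NameIDFormat>" for f in formats)
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:SPSSODescriptor '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{fmts}</md:SPSSODescriptor></md:EntityDescriptor>')

# Constructed sample metadata, not taken from any real federation.
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
          + _sp("https://crm.example.com/sp", UNSPECIFIED)
          + _sp("https://hr.example.net/saml", UNSPECIFIED)
          + _sp("https://wiki.example.org/sp", EMAIL)
          + _sp("https://mail.example.com/sp", UNSPECIFIED, EMAIL)
          + _sp("https://tickets.example.com/sp")  # declares no Format at all
          + "</md:EntitiesDescriptor>")

def declared_formats(metadata_xml):
    """Return {entityID: [NameIDFormat, ...]} for every SP role found."""
    result = {}
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        for sp in entity.findall(MD + "SPSSODescriptor"):
            result[entity.get("entityID")] = [
                f.text.strip() for f in sp.findall(MD + "NameIDFormat") if f.text]
    return result

def needs_per_sp_rule(metadata_xml):
    """SPs where the Format cannot pick the NameID value: every declared
    Format is 'unspecified', or none is declared (this example's assumption).
    Each of these needs a rule keyed on its entityID instead."""
    return sorted(eid for eid, fmts in declared_formats(metadata_xml).items()
                  if not set(fmts) - {UNSPECIFIED})

if __name__ == "__main__":
    for eid in needs_per_sp_rule(SAMPLE):
        print("Format tells the IdP nothing; configure by entityID:", eid)
```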


