IdP 2.4 and Okta/Adobe.com SSO

Cantor, Scott cantor.2 at osu.edu
Mon Aug 31 14:23:25 EDT 2015


On 8/31/15, 2:21 PM, "users on behalf of Kathy E. Wright" <users-bounces at shibboleth.net on behalf of kewrig at clemson.edu> wrote:

>
>Andy,
>Thank you very much.  Adobe has insisted that the NameID format be "unspecified."  I see yours is persistent:

Neither is correct in this context, but "unspecified" is at least accurate and not explicitly invalid. That's not a persistent format ID, so that would not be correct.

Most vendors don't actually require any value or look at it at all, which is also broken, but does mean that you can usually generate a "correct" format. If you express an EPPN as a NameID, the value for that under the MACE SAML Attribute Profile is the name of the SAML attribute (the urn:oid:... value for EPPN).

-- Scott
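
The distinction drawn in the reply above, as an added example that is not part of the original message: a small checker that reads the NameID from a SAML subject and reports whether its Format fits an EPPN-shaped value. The format URIs and the EPPN OID are the standard SAML and eduPerson values rather than text from this thread; the function names, the EPPN heuristic, the verdict labels and the sample value `jdoe@example.edu` are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NAMEID_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}NameID"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"  # eduPersonPrincipalName attribute name

def looks_like_eppn(value):
    """Heuristic (an assumption of this example): user@scope, no whitespace."""
    user, sep, scope = value.partition("@")
    if not (user and sep and scope) or "@" in scope:
        return False
    return not any(c.isspace() for c in value)

def check_nameid(xml_text):
    """Return (format, value, verdict) for the first NameID in the XML."""
    root = ET.fromstring(xml_text)
    nameid = next(root.iter(NAMEID_TAG), None)
    if nameid is None:
        return (None, None, "no-nameid")
    fmt = nameid.get("Format") or UNSPECIFIED  # omitted Format is treated as unspecified
    value = (nameid.text or "").strip()
    if not looks_like_eppn(value):
        return (fmt, value, "not-assessed")  # only EPPN-shaped values are judged
    if fmt == PERSISTENT:
        # SAML core requires persistent IDs to be opaque, pseudo-random values,
        # so a readable user@scope value under this format is mislabelled.
        return (fmt, value, "incorrect")
    if fmt == UNSPECIFIED:
        return (fmt, value, "accurate-but-uninformative")
    if fmt == EPPN_OID:
        return (fmt, value, "matches-attribute-profile")
    return (fmt, value, "unrecognized-format")

def make_subject(value, fmt=None):
    """Build a constructed <saml:Subject> for the demonstration."""
    attr = f' Format="{fmt}"' if fmt else ""
    return ('<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:NameID{attr}>{value}</saml:NameID></saml:Subject>")

if __name__ == "__main__":
    # Constructed samples: the same EPPN-shaped value under each format.
    for fmt in (PERSISTENT, UNSPECIFIED, EPPN_OID, None):
        print(check_nameid(make_subject("jdoe@example.edu", fmt))[2], fmt)
```

`xml.etree` is used here for brevity on constructed input; assertions received from a peer should go through a hardened parser and signature validation before any check like this.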


