IdP 2.4 and Okta/Adobe.com SSO
cantor.2 at osu.edu
Mon Aug 31 14:23:25 EDT 2015
On 8/31/15, 2:21 PM, "users on behalf of Kathy E. Wright" <users-bounces at shibboleth.net on behalf of kewrig at clemson.edu> wrote:
>Thank you very much. Adobe has insisted that the NameID format be "uspecified." I see yours is persistent:
Neither is correct in this context, but "unspecified" is at least accurate and not explicitly invalid. That's not a persistent format ID, so that would not be correct.
Most vendors don't actually require any value or look at it at all, which is also broken, but does mean that you can usually generate a "correct" format. If you express an EPPN as a NameID, the value for that under the MACE SAML Attribute Profile is the name of the SAML attribute (the urn:oid:... value for EPPN).
More information about the users