Unspecified NameId format and IdP 3.2
Cantor, Scott
cantor.2 at osu.edu
Thu Dec 3 15:13:14 EST 2015
On 12/3/15, 2:08 PM, "users on behalf of Nanda Kumar" <users-bounces at shibboleth.net on behalf of NKK at FISCHERINTERNATIONAL.COM> wrote:
>Its metadata also has the same NameIDFormat.
And as documented, that won't matter.
>
>Doesn’t Shib IdP 3.2 support the urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified name id format anymore?
Yes.
>
>When I don’t specify any nameIDFormatPrecedence in the relying party xml for the google apps sp, it defaults to the transient NameID generator, the output of which is not a valid id for Google Apps.
And the documentation specifically notes that that is the only way to make broken SPs using that format work.
But I am led to understand that despite popular impression, Google does *not* require that format.
-- Scott