IdPv3 and generating persistent NameID

Sara Hopkins sara.hopkins at
Fri May 1 13:41:02 EDT 2015

On 01/05/2015 17:04, Cantor, Scott wrote:

> No, it's more or less similar to V2, you have metadata from the SP, you have the SP requesting a Format in a NameIDPolicy element in its request, and you have the nameIDFormatPrecedence relying party property.

OK, so I'm trying to force the IdP to release the persistent ID by 
having this in the shibboleth.DefaultRelyingParty bean:

<bean parent="SAML2.SSO" 

I also tried this:

<bean parent="SAML2.SSO" 

but I still just get a transient nameID.

Is nameIDFormatPrecedence sufficient on its own to achieve this, or does 
it have to be specified by the SP as well (whether in metadata or by 
requesting a Format in a NameIDPolicy element)?


Sara Hopkins
Support Team
UK Access Management Federation for Education and Research

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

More information about the users mailing list