Google Apps + v3 Idp (again)
cantor.2 at osu.edu
Thu Apr 14 12:10:07 EDT 2016
> OK. If I take the format line out of the metadata, and the saml-nameid bean
> definition (so no definition by me of what format I'd be sending google-
> principal as) I still get a transient NameID sending.
Well, yes. That should be what you'd get if you tell it to do nothing in particular and use the default format it ships with.
> But our v2 setup sent the whole email address in the SAML response, and
> that was fine.
Well, then this is an interop issue with the way you've configured V3. And that's why upgrading from V2 should be done in place. If you start from scratch, this is what ends up happening. An upgraded system will perform essentially as it was in most important respects except for the SHA-1->SHA-2 change.