nameID format error
Cantor, Scott
cantor.2 at osu.edu
Mon Sep 11 20:30:50 EDT 2017
On 9/11/17, 7:34 PM, "users on behalf of Klingenstein, Nate" <users-bounces at shibboleth.net on behalf of nklingenstein at calstate.edu> wrote:
> I typically get that message when the IdP is trying to generate a NameID, but it's unable to do so because I'm not releasing an
> attribute that meets the requirements of the request.
That of course is true but he had a release rule and I assumed that was checked.
> Whether you're using actual persistentId's with other SP's, I don't know, but you'll probably need to define something in saml-
> nameid.xml for this if it's going to use the actual NameID signaling.
The formal selection process works the same whether you're generating them the way it's done now or using the legacy fallback to the resolver and its AttributeEncoders. It's just that the legacy generation is controlled with a property and can be turned off to prevent accidental use of a deprecated method, and it probably defaults to being "off" on a new install.
-- Scott
More information about the users
mailing list