Access Denied

Cantor, Scott cantor.2 at
Wed Aug 8 13:57:54 EDT 2018

> 2018-08-08 17:29:18,100 - DEBUG
> [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:10
> 0] - Configuration specifies the following formats: []

So you are not choosing a Format in relying-party.xml, which is fine, that's not the recommended way to do it unless you have to because you're trying to forcibly use the "unspecified" Format constant.

> 2018-08-08 17:29:18,101 - DEBUG
> [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:11
> 3] - Configuration did not specify any formats, relying on metadata alone

And you have the metadata, so you know whether it is specifying any Format(s). And if not, and you have to rely on a NameID, then you would have to change that.

If the answer to both methods of Format selection is that they're not being used, then it's going to choose the default Format, which is transient. Which I would imagine is what it's doing?

-- Scott

More information about the users mailing list