Access Denied
Cantor, Scott
cantor.2 at osu.edu
Wed Aug 8 13:57:54 EDT 2018
> 2018-08-08 17:29:18,100 - DEBUG
> [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:10
> 0] - Configuration specifies the following formats: []
So you are not choosing a Format in relying-party.xml, which is fine, that's not the recommended way to do it unless you have to because you're trying to forcibly use the "unspecified" Format constant.
> 2018-08-08 17:29:18,101 - DEBUG
> [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:11
> 3] - Configuration did not specify any formats, relying on metadata alone
And you have the metadata, so you know whether it is specifying any Format(s). And if not, and you have to rely on a NameID, then you would have to change that.
If the answer to both methods of Format selection is that they're not being used, then it's going to choose the default Format, which is transient. Which I would imagine is what it's doing?
-- Scott
More information about the users
mailing list