Chaning AllowCreate value

Cantor, Scott cantor.2 at
Fri Feb 23 13:46:24 EST 2018

> I am setting up an SP and my default SAML uses a numeric value "1" for
> AllowCreate and my IdP is saying they need it to be "true" instead.

They are wrong.

 > I also tried “0” and “false” but these did not affect the value being sent. Is
> there another place to define the format of the parameter?

You should not and there is no elegant way. I believe it would work to supply an AuthnRequest "template" and put in a NameIDPolicy element explicitly that has the unnecessary change. The template feature is mentioned in the SessionInitiator docs for the SAML2 initiator type, and stuffing the template underneath the SSO element would work.

I would not do this. Tolerating bugs is a bad strategy and is counterproductve for everybody.

More information about the users mailing list