nameid-format:unspecified for relying party

Cantor, Scott cantor.2 at
Mon Jul 2 16:54:33 EDT 2018

> Presumably there should be a way to do this with the legacy V2 relying-party
> until then? We're still stuck with what may be amiss or how to better
> troubleshoot it though.  Enabling DEBUG logging on some more specific
> component?

You do NOT need to support that format. There might be one or two services in the world that actually *care* that it's set to that ridiculous value. I think I ran into one in 15 years.

Use a Format you *want* to use that's correct for the data being passed. It will work 99% of the time.

In either case, and in either version, NameID Format selection is documented and is the same in both versions, relying-party syntax notwithstanding. NameIDPolicy in request, then NameIDFormat in metadata, then nameIDFormatPrecedence in relying-party.xml (this is spelled out in the documentation in both V2 and V3).

If you insist on "unspecified", you need an override and nameIDFormatPrecedence, because that Format does not work with the first two mechanisms. If you don't use that Format, you can set it in the SP's metadata.

That's it.

-- Scott
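
An added example, not part of the original message and not Shibboleth code: a Python model of the selection order described above (NameIDPolicy in the request, then NameIDFormat in metadata, then nameIDFormatPrecedence), showing that "unspecified" is only reached through the precedence list. The helper names, sample XML and entity ID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Model of the selection order stated in the message; not Shibboleth's code.
P = "urn:oasis:names:tc:SAML:2.0:protocol"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def select_format(authn_request_xml, sp_metadata_xml, precedence):
    """Return (format, source); select_format is a hypothetical helper."""
    # Constructed inputs only; parse untrusted SAML with a hardened XML parser.
    policy = ET.fromstring(authn_request_xml).find(f"{{{P}}}NameIDPolicy")
    requested = policy.get("Format") if policy is not None else None
    # 1. NameIDPolicy in the request; "unspecified" cannot select anything here.
    if requested and requested != UNSPECIFIED:
        return requested, "NameIDPolicy"
    # 2. NameIDFormat in the SP's metadata, again skipping "unspecified".
    declared = [e.text.strip() for e in
                ET.fromstring(sp_metadata_xml).iter(f"{{{MD}}}NameIDFormat") if e.text]
    usable = [f for f in declared if f != UNSPECIFIED]
    if usable:
        return usable[0], "metadata"
    # 3. nameIDFormatPrecedence from the relying-party override.
    if precedence:
        return precedence[0], "nameIDFormatPrecedence"
    return None, "none"

def request(fmt=None):  # constructed AuthnRequest
    policy = f'<samlp:NameIDPolicy Format="{fmt}"/>' if fmt else ""
    return f'<samlp:AuthnRequest xmlns:samlp="{P}">{policy}</samlp:AuthnRequest>'

def metadata(*formats):  # constructed SP metadata
    items = "".join(f"<md:NameIDFormat>{f}</md:NameIDFormat>" for f in formats)
    return (f'<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/sp">'
            f'<md:SPSSODescriptor protocolSupportEnumeration="{P}">{items}'
            f'</md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    for req, md, prec in [
        (request(UNSPECIFIED), metadata(UNSPECIFIED), [UNSPECIFIED]),
        (request(), metadata(EMAIL), [UNSPECIFIED]),
        (request(PERSISTENT), metadata(EMAIL), [UNSPECIFIED]),
    ]:
        print(select_format(req, md, prec))
```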
