nameid-format:unspecified for relying party
Cantor, Scott
cantor.2 at osu.edu
Thu Jul 12 09:23:17 EDT 2018
> Am I misunderstanding though that I should be able to specify the
> NameIDFormat via a RelyingParty override rather than specifying it in the SP's
> metadata?
Yes, as long as you're not trying to use the one "format that isn't a format" that people keep trying to use that's referenced in the subject line.
> Per your ArcGIS documentation this works as expected.
Being out of position in the metadata tends not to matter as much to the IdP if it's not schema validating, but I would be surprised that quoting it like that worked. That would be an interesting bug.
> It generates a transient format NameID in the Subject once again. The
> documentation I'm using as references describes the RelyingParty
> nameIDFormatPrecedence attribute as "A space delimited, ordered list of
> name identifier formats" [1] and the logic (I think) to select the
> NameIDFormat [2][3].
They are equivalent and if you get different results, there's some fact not in evidence that means it isn't using the configuration you think it is.
-- Scott
More information about the users
mailing list