IDP Initiated doubt on nameID

Lalith Jayaweera ljayaweera at gmail.com
Mon Apr 8 02:22:17 EDT 2019


Hi,

We have an SP which works the SP initiated way; however, use of IDP Initiated
can reduce some intermediate pages and can enhance the user experience.

So I tried the IdP Initiated way, but it failed.

Just to give more information, the entityID of the SP is different from the
AssertionConsumerService URL.

As said, SP initiated works, but when I tried IDP Initiated the following
observations were made:

1) Attributes are getting passed to the SP with no issues, similar to the SP
initiated way

2) but the nameID is not getting passed in IdP Initiated. SP initiated passes
the requested email address in emailAddress format, but in IDP Initiated,
instead of the email address, the transient ID is getting passed, probably the
reason for the failure

I thought if SP initiated passes certain attributes and values in the subject, it
should be the same for IDP Initiated.

Can you please advise as to why the nameID is not getting passed, even
though it is configured in saml-nameid.xml for both?