IDP Initiated doubt on nameID
Lalith Jayaweera
ljayaweera at gmail.com
Mon Apr 8 22:38:48 EDT 2019
All sorted having below entry in SP Meta data, Thank you for all the
responses
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
On Tue, Apr 9, 2019 at 1:43 AM Nate Klingenstein <ndk at signet.id> wrote:
> > The IdP decides which NameID to send based on a number of factors,
> including configuration of your IdP, the metadata of the SP, and the
> AuthnRequest. Their AuthnRequests must be specifying a particular
> AuthnContextClass, while the same class is absent from the metadata or the
> configuration.
>
> I apologize, I meant to write particular NameID, not
> AuthnContextClassRef. An example:
>
> <samlp:AuthnRequest
> <samlp:NameIDPolicy AllowCreate="true"
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
> ...
> </samlp:AuthnRequest>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190409/64797556/attachment.html>
More information about the users
mailing list