IDP Initiated doubt on nameID

Lalith Jayaweera ljayaweera at
Mon Apr 8 22:38:48 EDT 2019

All sorted having below entry in SP Meta data, Thank you for all the


On Tue, Apr 9, 2019 at 1:43 AM Nate Klingenstein <ndk at> wrote:

> > The IdP decides which NameID to send based on a number of factors,
> including configuration of your IdP, the metadata of the SP, and the
> AuthnRequest.  Their AuthnRequests must be specifying a particular
> AuthnContextClass, while the same class is absent from the metadata or the
> configuration.
> I apologize, I meant to write particular NameID, not
> AuthnContextClassRef.  An example:
> <samlp:AuthnRequest
>     <samlp:NameIDPolicy AllowCreate="true"
>         Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
> ...
> </samlp:AuthnRequest>
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list