IdP implementation roadmap

Nate Klingenstein ndk at
Tue Apr 16 11:07:25 EDT 2019


> 1) How to make Shib IdP and metadata-less SP friends?

Unfortunately, in these cases, you usually have to write the metadata for the SP and then load it into your IdP.  It shouldn't be too hard to find the fields to replace using the SAML 2.0 Wikipedia article and SAMLtest's SP metadata as an example.

> 2) How to force the IdP to return the user name inside NameID tag with NameIDFormat set to
> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

In the metadata you've created for these SP's, right before the AssertionConsumerServices, add:


Of course, we don't recommend that you ever use unspecified, but of course, we understand that there are parts of the world with a different opinion.

Hope this helps,

More information about the users mailing list