IdP implementation roadmap
Cantor, Scott
cantor.2 at osu.edu
Tue Apr 16 11:16:17 EDT 2019
On 4/16/19, 11:08 AM, "users on behalf of Nate Klingenstein" <users-bounces at shibboleth.net on behalf of ndk at signet.id> wrote:
> > 2) How to force the IdP to return the user name inside NameID tag with NameIDFormat set to
> > urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>
> In the metadata you've created for these SP's, right before the AssertionConsumerServices, add:
We do not allow that, it's ignored.
Step 1: You don't need to do this, so don't. Nothing that would ask for that format even checks it.
Step 2: Stop arguing with me that you need to do it, you're 99.9% likely to be wrong.
Step 3: If you're in the 0.1%, then you set the nameIDFormatPrecedence property as documented in the wiki topic under "this is the only way to get unspecified to work".
-- Scott