IdP implementation roadmap

Cantor, Scott cantor.2 at
Tue Apr 16 11:16:17 EDT 2019

On 4/16/19, 11:08 AM, "users on behalf of Nate Klingenstein" <users-bounces at on behalf of ndk at> wrote:

> > 2) How to force the IdP to return the user name inside NameID tag with NameIDFormat set to
> > urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
> In the metadata you've created for these SP's, right before the AssertionConsumerServices, add:

We do not allow that, it's ignored.

Step 1: You don't need to do this, so don't. Nothing that would ask for that format even checks it,

Step 2: Stop arguing with me that you need to do it, you're 99.9% likely to be wrong.

Step 3: If you're in the 0.1%, the you set the nameIDFormatPrecedence property as documented in the wiki topic under "this is the only way to get unspecified to work".

-- Scott

More information about the users mailing list