NameIDFormat emailAddress SAML:2.0 (?)

Alan Angulo (Office365 admin) alan at
Fri Nov 22 16:05:09 EST 2019

Dear Shibboleth community,
I have a vendor requesting to pass the emailAddress in the NameID subject of our SAML response.
The user authenticates correctly but right after the browser goes into an infinite redirect.

The log entries show a warning regarding an unsupportable identifier:
"2019-11-22 15:40:51,583 - - WARN [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:337] ​
- Profile Action AddNameIDToSubjects: ​
Request specified use of an unsupportable identifier format: ​

The vendor's metadata has this entry:

I suspect the vendor's metadata is referencing the wrong NameIDFormat in his metadata. I am thinking it should be this:

since that's the format stated in the saml-nameid.xml config file of the Shibboleth IdP 3.4.6

Can someone confirm that this is the cause of the problem?


~Alan Angulo

Senior Systems Administrator / Office 365 Administrator

East Stroudsburg University | 570-422-3783 | alan at | alan at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list