Help with NameID

Peter Schober peter.schober at
Fri Aug 7 07:33:14 UTC 2020

* Amit Dongaonkar <amitd at> [2020-08-07 02:36]:
> I am using Shibboleth IdP 3.4 and am trying to provide an assertion to AWS
> services.
> They need the nameID as email, however they do not want the email
> attribute coming in the assertion.

That's just silly, insisting that an attribute be NOT present, and I
doubt that's a requirement for AWS -- otherwise I guess we'd have heard
about it here? I.e., you can't be the first person to integrate your
Shib IDP with AWS?

> I tried different ways mentioned in the documentation but as soon as
> I remove the mail attribute from the attribute-filter.xml I see the
> invalidNameIDPolicy error.

Correct, not releasing the attribute will prevent release of the
attribute-sourced NameID.

