Help with NameID
Peter Schober
peter.schober at univie.ac.at
Fri Aug 7 07:33:14 UTC 2020
* Amit Dongaonkar <amitd at nitssolutions.com> [2020-08-07 02:36]:
> I am using Shibboleth IdP 3.4 and am trying to provide an assertion to AWS
> services.
> They need the nameID as email , however they do not want the email
> attribute coming in the assertion.
That's just stilly, insisting that an attribute be NOT present, and I
doubt that's a requirement for AWS -- otherwise I guess we'd heard
about it here? I.e., you can't be the first person to integrate your
Shib IDP with AWS?
> I tried different ways mentioned in the documentation but as soon as
> I remove the mail attribute from the attribute-filter.xml I see the
> invalidNameIDPolicy error.
Correct, not releasing the attribute will prefent release of the
attribute-sourced NameID.
-peter
More information about the users
mailing list