Set NameID to Principal name

Abhishek Chouksey abhishekchouksey10 at
Fri Dec 4 11:32:17 UTC 2020

I am new to shibboleth and trying to perform IDP initiated SSO

My SP metadata file contain these attribute :

=>does it means that my SP is accepting email address as nameIDFormat?

and in my IDP attribute-resolver.xml :

 <!--Name Identifier related attributes -->
    <resolver:AttributeDefinition id="transientId"
        <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier"
        <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"

so when request is made in saml tracer I can see that nameID is set to some
encoded string
Issuer                      = https://<xyz>/idp/shibboleth
Subject                     = _8a6f5377a471fc24182dfa02ea194b43
NameID                      = _8a6f5377a471fc24182dfa02ea194b43

=>IS this due to Transient?

=>So how can I make my nameID field to be set as my principal name like
xyz at because my SP is using nameID as username during access I
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list