How can I map "unspecified" nameIds to "emailAddress"?

Curtis Lacy clacy at
Mon Jun 1 15:06:40 UTC 2020

Hi, I'm having trouble getting Single Log Out (SLO) to work with
Salesforce.  Logging in is working.  When I try to log out, though, IdP4
logs an error:

A non-proceed event occurred while processing the request: SessionNotFound

I connected a remote debugger and the problem appears to be that salesforce
is only including the "unspecified" user name format, and Shibboleth does
not recognize it as equivalent to what it has stored in the sp session,
which is "emailAddress" (in this case, the SP is sending the email address
in the logout request).

Is there a way to configure Shibboleth to simply use the value it has as an
"unspecified" value?



The information transmitted in this email is intended only for the 
person(s) or entity to which it is addressed and may contain confidential 
and/or privileged material. Any review, retransmission, dissemination or 
other use of, or taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is prohibited. If you 
received this email in error, please contact the sender and permanently 
delete the email from any computer. 

Nothing in this email is intended to 
bind Lotame, which only operates under the terms of written agreements 
signed by an authorized officer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list