Problem with SLO using Azure as IdP and Shibboleth as SP

Anderson, Paul Paul.Anderson at
Tue Dec 14 18:33:49 UTC 2021

<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">_LDmW38XdIu5Yx0Ga43kI85UDx2smjTT4lgnbuGGFzo</NameID>
Versus LogoutRequest:
<NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion">_LDmW38XdIu5Yx0Ga43kI85UDx2smjTT4lgnbuGGFzo</NameID>

So it's a missing Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" attribute? Does it default to 'unspecified'?
I'll probably have to change the nameID configuration, then. Thanks.

From: Cantor, Scott <cantor.2 at>
Sent: 14 December 2021 18:27
To: Anderson, Paul <Paul.Anderson at>; Shib Users <users at>
Subject: Re: Problem with SLO using Azure as IdP and Shibboleth as SP

Caution: This email originated from a sender outside Heriot-Watt University.
Do not follow links or open attachments if you doubt the authenticity of the sender or the content.

The assertion contains a persistent NameID Format and the logout has none. That doesn't match. Any SP that accepted that is broken.

-- Scott


Founded in 1821, Heriot-Watt is a leader in ideas and solutions. With campuses and students across the entire globe we span the world, delivering innovation and educational excellence in business, engineering, design and the physical, social and life sciences. This email is generated from the Heriot-Watt University Group, which includes:

  1.  Heriot-Watt University, a Scottish charity registered under number SC000278
  2.  Heriot- Watt Services Limited (Oriam), Scotland's national performance centre for sport. Heriot-Watt Services Limited is a private limited company registered is Scotland with registered number SC271030 and registered office at Research & Enterprise Services Heriot-Watt University, Riccarton, Edinburgh, EH14 4AS.

The contents (including any attachments) are confidential. If you are not the intended recipient of this e-mail, any disclosure, copying, distribution or use of its contents is strictly prohibited, and you should please notify the sender immediately and then delete it (including any attachments) from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list