Fwd: Installing Shibboleth idp3 with hubspot as sp: Getting Saml response status code InvalidNameIDPolicy

Peter Schober peter.schober at univie.ac.at
Fri Jun 4 15:47:59 UTC 2021

* Youssef Ait Laydi <youssef.aitlaydi at gmail.com> [2021-06-04 17:40]:
> <saml2p:Status>
>   <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
>     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" />
>   </saml2p:StatusCode>
>   <saml2p:StatusMessage>An error occurred.</saml2p:StatusMessage>
> </saml2p:Status>
> Profile Action AddNameIDToSubjects: Request specified use of an
> unsupportable identifier format:
> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

That means your IDP is not configured to produce NameIDs of that format.

> Note that I didn't change saml-nameid.xml but I
> changed saml-nameid.properties:
> idp.nameid.saml2.default = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

A *very* bad idea (setting that as default), but also quite obviously
it didn't take, otherwise the IDP wouldn't be throwing that error?
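
Added example (not part of the original message and not Shibboleth code): a small Python diagnostic that reads the nested StatusCode chain from a captured SAML response and pairs it with the NameIDPolicy Format the SP requested, which is the mismatch the log line above reports. The AuthnRequest sample and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample: the Status from the thread plus the namespace declaration.
SAMPLE_STATUS = """<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
  </saml2p:StatusCode>
  <saml2p:StatusMessage>An error occurred.</saml2p:StatusMessage>
</saml2p:Status>"""

# Constructed sample: a minimal AuthnRequest asking for the format in the log line.
SAMPLE_REQUEST = """<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed" Version="2.0">
  <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</saml2p:AuthnRequest>"""

def status_chain(xml_text):
    """Return ([StatusCode values, outermost first], StatusMessage text)."""
    root = ET.fromstring(xml_text)
    status = root if root.tag == "{%s}Status" % NS["saml2p"] else root.find(".//saml2p:Status", NS)
    if status is None:
        raise ValueError("no saml2p:Status element found")
    codes, node = [], status.find("saml2p:StatusCode", NS)
    while node is not None:  # second-level codes are nested inside the first
        codes.append(node.get("Value", ""))
        node = node.find("saml2p:StatusCode", NS)
    return codes, status.findtext("saml2p:StatusMessage", default="", namespaces=NS)

def requested_format(authn_request_xml):
    """Return the NameIDPolicy Format the SP asked for, or None if unspecified."""
    policy = ET.fromstring(authn_request_xml).find("saml2p:NameIDPolicy", NS)
    return None if policy is None else policy.get("Format")

def diagnose(status_xml, authn_request_xml):
    """Summarise a failed exchange: who is blamed, why, and for which format."""
    codes, message = status_chain(status_xml)
    short = [c.rsplit(":", 1)[-1] for c in codes]
    return {
        "top_level": short[0] if short else None,
        "second_level": short[1:],
        "message": message,
        "requested_format": requested_format(authn_request_xml),
        "nameid_policy_rejected": "InvalidNameIDPolicy" in short[1:],
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_STATUS, SAMPLE_REQUEST))
```

This only reads status fields from a captured message for troubleshooting; it performs no signature or schema validation.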


