Fwd: Installing Shibboleth idp3 with hubspot as sp: Getting Saml response status code InvalidNameIDPolicy
Peter Schober
peter.schober at univie.ac.at
Fri Jun 4 15:47:59 UTC 2021
* Youssef Ait Laydi <youssef.aitlaydi at gmail.com> [2021-06-04 17:40]:
> <saml2p:Status> <saml2p:StatusCode Value=
> "urn:oasis:names:tc:SAML:2.0:status:Requester"> <saml2p:StatusCode Value=
> "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" /> </
> saml2p:StatusCode> <saml2p:StatusMessage>An error occurred.</
> saml2p:StatusMessage> </saml2p:Status>
[...]
> Profile Action AddNameIDToSubjects: Request specified use of an
> unsupportable identifier format:
> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
That means your IDP is not configured to produce NameIDs of that format.
> Note that I didn't change saml-nameid.xml but I
> changed saml-nameid.properties:
> idp.nameid.saml2.default =
> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
A *very* bad idea (setting that as default), but also quite obviously
it didn't take, otherwise the IDP wouldn't be throwing that error?
-peter
More information about the users
mailing list