Request specified use of an unsupportable identifier format: urn:mace:shibboleth:1.0:nameIdentifier

Jason Rotunno jrotunno at
Wed Jun 9 18:00:21 UTC 2021

Ah, ok. Thanks for the info. I'd like to explain the issue to the SP but it
sounds like urn:mace:shibboleth:1.0:nameIdentifier is the name Shib uses
for that format. Is there platform-agnostic terminology to refer to that
request format that the SP operators would (hopefully) recognize?

Also, just out of curiosity, since there are no required Name ID formats in
the SP's metadata, how does the IdP know that it's requiring

Appreciate the help,

On Wed, Jun 9, 2021 at 12:03 PM Cantor, Scott <cantor.2 at> wrote:

> On 6/9/21, 11:57 AM, "users on behalf of Jason Rotunno" <
> users-bounces at on behalf of jrotunno at> wrote:
> > Can anyone perhaps provide some insight that might help me get this
> working?
> You don't. They have a bug and need to discontinue making mandatory
> requests for that format, that's a SAML 1.1 only thing and is essentially a
> dead issue. A SAML 2.0 request cannot request that format and there is
> nothing you should do to make it work.
> -- Scott
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at


Jason Rotunno
System & Security Administrator
Swarthmore College
500 College Ave
Swarthmore, PA 19081

*VERIFY before you click!!*
  - Attackers make their emails look like they come from someone they don't.
  - Attackers make links look like they go to websites they don't.
  - Attackers disguise malware as receipts, invoices, faxes, etc.

Forward suspicious emails to phishing at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list