Request specified use of an unsupportable identifier format: urn:mace:shibboleth:1.0:nameIdentifier
Nate Klingenstein
ndk at signet.id
Wed Jun 9 18:04:22 UTC 2021
Jason,
It's an old term that was used when Shibboleth had its own protocol. The modern-day rough equivalent is urn:oasis:names:tc:SAML:2.0:nameid-format:transient, and that is written into the SAML 2.0 specifications.
The SP can also request specific NameID formats in the AuthnRequest.
Take care,
Nate.
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
-----Original message-----
From: Jason Rotunno
Sent: Wednesday, June 9 2021, 12:00 pm
To: Shib Users
Subject: Re: Request specified use of an unsupportable identifier format: urn:mace:shibboleth:1.0:nameIdentifier
Ah, ok. Thanks for the info. I'd like to explain the issue to the SP but it sounds like urn:mace:shibboleth:1.0:nameIdentifier is the name Shib uses for that format. Is there platform-agnostic terminology to refer to that request format that the SP operators would (hopefully) recognize?
Also, just out of curiosity, since there are no required Name ID formats in the SP's metadata, how does the IdP know that it's requiring urn:mace:shibboleth:1.0:nameIdentifier?
Appreciate the help,
Jason
More information about the users
mailing list