Request specified use of an unsupportable identifier format: urn:mace:shibboleth:1.0:nameIdentifier

Mak, Steve makst at upenn.edu
Wed Jun 9 18:14:01 UTC 2021


Maybe others can correct me, but I believe the IdP's nameID format priority list goes like this:

1. relying party override
2. SAML request requirement
3. SP metadata preference list - as long as "unspecified" is not present

If no NameID Format is listed then the IdP will operate with "unspecified", otherwise it will consult the priority list.

Your cayuse integration is hitting the 1.0 NameID at #2. You can either get cayuse to fix their side or you can override with #1.

- Steve



More information about the users mailing list