Multiple urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress using condition not working correctly

Cantor, Scott cantor.2 at osu.edu
Tue Apr 12 18:20:58 UTC 2022


You seem to be conflating the idea of a "persistent" NameID here, and mixing formats and rules. I would imagine that's the root of the problem. You can't set a preference in a relying-party rule for the persistent format (using that actual static constant from the OpenSAML API), and then expect that to result in a NameID with the emailAddress format. If there's no NameID generator with the "persistent" Format that can activate for that SP, nothing will happen, and no NameID will be generated.

Beyond that...adjust and check your logs, that's what they're there for.

-- Scott
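A simplified model of the selection behaviour described in the reply above, added here as an illustration; it is not Shibboleth or OpenSAML code and not part of the original message. The entity IDs, attribute names and the `select_name_id` helper are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

@dataclass
class Generator:
    """Hypothetical stand-in for one configured NameID generator."""
    format: str                        # Format the generator produces
    source_attribute: str              # attribute the value is read from
    active_for: Callable[[str], bool]  # activation condition on the SP entityID

def select_name_id(sp: str, preferred: list, generators: list,
                   attributes: dict) -> Optional[tuple]:
    """Walk the preferred formats in order. Only generators whose Format
    matches the format under consideration and whose condition activates
    for this SP are tried. Returns (format, value), or None if nothing fits."""
    for fmt in preferred:
        for gen in generators:
            if gen.format != fmt or not gen.active_for(sp):
                continue
            value = attributes.get(gen.source_attribute)
            if value:
                return (fmt, value)
    return None

# Constructed sample data: two emailAddress generators, each limited to one SP.
SP1 = "https://sp1.example.org/shibboleth"
SP2 = "https://sp2.example.org/shibboleth"
GENERATORS = [
    Generator(EMAIL, "mail", lambda sp: sp == SP1),
    Generator(EMAIL, "altMail", lambda sp: sp == SP2),
]
ATTRS = {"mail": "user@example.org", "altMail": "user@alt.example.org"}

if __name__ == "__main__":
    # Preference says "persistent", but no generator has that Format:
    # nothing is produced, regardless of the emailAddress generators.
    print(select_name_id(SP1, [PERSISTENT], GENERATORS, ATTRS))
    # Preference matches the generators' Format: the condition picks one.
    print(select_name_id(SP1, [EMAIL], GENERATORS, ATTRS))
    print(select_name_id(SP2, [EMAIL], GENERATORS, ATTRS))
```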



