Weird issue with SAML-NAMEID.xml

Cantor, Scott cantor.2 at osu.edu
Fri Jun 3 18:04:30 UTC 2022


You don't do this by touching anything but metadata. Add the relevant NameIDFormat to the SP's metadata or add a filter to add it. Done.

Do NOT create one-off NameID generator beans and do not use activation conditions to control them. Just because it's possible doesn't mean you should ever do it. It's there as an absolute last resort.

The documentation does not in any way suggest doing this, so I don't know why people are doing it or what would lead somebody to think it makes sense, but it's analogous to creating an LDAP plugin that changes what attribute values are served up for a fixed attribute type based on the bind DN. Nobody would even think of doing that, and this is the same.

If you create an email Format generator based on the filtered value of mail (or whatever attribute you use), then you need not worry about anything but releasing the relevant attribute to the SP and making sure its metadata stipulates the right Format.

-- Scott
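The metadata-driven setup described in the post, as an added example for a Shibboleth IdP (this is not configuration from the original message). The entity ID, ACS location and metadata file path are constructed placeholders; the four fragments belong, in order, to the SP's own metadata, the IdP's metadata-providers.xml (the "add a filter" alternative), saml-nameid.xml and attribute-filter.xml.

```xml
<!-- 1. SP metadata: the SP itself stipulates the NameID Format it expects.
     entityID and Location are constructed placeholders. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

<!-- 2. Alternative when you cannot edit the SP's metadata: a NameIDFormat
     metadata filter in metadata-providers.xml injects the Format for that
     entity only (metadataFile path is a constructed placeholder). -->
<MetadataProvider id="ExampleSP" xsi:type="FilesystemMetadataProvider"
                  metadataFile="%{idp.home}/metadata/sp-example.xml">
  <MetadataFilter xsi:type="NameIDFormat" removeExistingFormats="true">
    <Entity>https://sp.example.org/shibboleth</Entity>
    <Format>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</Format>
  </MetadataFilter>
</MetadataProvider>

<!-- 3. saml-nameid.xml: one email-Format generator sourced from the filtered
     "mail" attribute. No per-SP beans, no activation conditions; the generator
     fires only when the SP's metadata asks for this Format and "mail" is released. -->
<util:list id="shibboleth.SAML2NameIDGenerators">
  <ref bean="shibboleth.SAML2TransientGenerator"/>
  <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
        p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        p:attributeSourceIds="#{ {'mail'} }"/>
</util:list>

<!-- 4. attribute-filter.xml: release "mail" to this SP. Without this rule the
     attribute-sourced generator has no value and the IdP falls back to transient. -->
<AttributeFilterPolicy id="releaseMailToExampleSP">
  <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org/shibboleth"/>
  <AttributeRule attributeID="mail">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>
</AttributeFilterPolicy>
```

Controlling which SP gets the email NameID therefore happens only in the SP's metadata (1 or 2) and in the attribute release policy (4); the generator in (3) stays a single shared bean.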
