Upgrade from v4.0.1 to v4.2.1 - InvalidNameIDPolicy

Nilan Morjaria-Patel N.Morjaria-Patel at soton.ac.uk
Mon Jun 20 14:08:09 UTC 2022 

Hi,

As stated in the subject I have just attempted to upgrade one of our dev Shibb IDP servers, however I now get the following in idp-warn.log:

2022-06-20 15:05:20,191 - WARN [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:334] [152.78.128.111] - Profile Action AddNameIDToSubjects: Request specified use of an unsupportable identifier format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-06-20 15:05:20,192 - WARN [org.opensaml.profile.action.impl.LogEvent:101] [152.78.128.111] - A non-proceed event occurred while processing the request: InvalidNameIDPolicy


aacli shows the following NameID generation

/srv/shibboleth-idp/bin/aacli.sh -n nmp1u14 -r https://play01982.soton.ac.uk/shibboleth --saml2
<?xml version="1.0" encoding="UTF-8"?><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_ae104b1b0dd1196023b2a08eca9d7198" IssueInstant="2022-06-20T13:55:33.363Z" Version="2.0">
    <saml2:Issuer>https://dev2.webauth.soton.ac.uk/shibboleth</saml2:Issuer>
    <saml2:Subject>
        <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://dev2.webauth.soton.ac.uk/shibboleth" SPNameQualifier="https://play01982.soton.ac.uk/shibboleth">AAdzZWNyZXQxGwyRs+jhaCaHe6H4FrWlHhq/5eBHgkg5wzeuGIaLb82kIaLp/8f9qWvikz4nCsInmrtjvNdaHHfbC39kTqIcB5D3V3eQ4ipbSNYgUOu9dlKEI+mdZVwwcO1w6RDOczilvOhaZ+dJlv5vpaU8354=</saml2:NameID>

It appears the SP is requesting urn:oasis:names:tc:SAML:2.0:nameid-format:transient.


Thanks
Nilan
----
Nilan Morjaria-Patel | Infrastructure Engineer | Enterprise Systems Management | iSolutions
University of Southampton
Level 5, One Guildhall Square, Southampton, SO14 7FP

n.morjaria-patel at soton.ac.uk<mailto:n.morjaria-patel at soton.ac.uk> | +44 2380 595680 | ext 25680

Manage your IT tickets and requests at: <http://www.southampton.ac.uk/ithelp> https://sotonproduction.service-now.com/soton/it.do

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220620/947a0c78/attachment.htm>

More information about the users mailing list