getting desired value into nameID

Lipscomb, Gary glipscomb at
Fri Oct 7 00:06:19 UTC 2022

Check the sequence of nameID creation in saml-nameid.xml
First match wins.

Gary Lipscomb
Technical Officer, Systems
IT Infrastructure & Security | Division of Information Technology

From: users <users-bounces at> On Behalf Of IAM David Bantz via users
Sent: Friday, 7 October 2022 11:02
To: Mak, Steven <makst at>
Cc: IAM David Bantz <dabantz at>; Shib Users <users at>
Subject: Re: getting desired value into nameID

Yes I’ve run these 3 variations:

  *   all 4 policies
  *   no policies
  *   only the emalAddress policy

On 06Oct2022 at 15:58:52, "Mak, Steven" <makst at<mailto:makst at>> wrote:
For an easy test, remove the other NameIDPolicies in the SP metadata so only emailAddress is remaining.

Then just make sure the logic of your resolver config allows the release of some attribute that can fulfill that policy to that service.

- Steve

From: IAM David Bantz <dabantz at<mailto:dabantz at>>
Date: Thursday, October 6, 2022 at 7:55 PM
To: Mak, Steven <makst at<mailto:makst at>>
Cc: Shib Users <users at<mailto:users at>>
Subject: Re: getting desired value into nameID
I’m debugging the config against the resolver exerciser and unsolicited request, so no normal incoming SAML request.


On 06Oct2022 at 15:42:58, "Mak, Steven" <makst at<mailto:makst at>> wrote:
Double check the SAML request that is coming in. If it is stating something like NameIDPolicy > unspecified + Exact, then that may be why you are having trouble.

- Steve Mak

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list