<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"> I can’t get the NameID to be generated in the response of the IdP when working with Google apps as SP. Google apps sets the NameIdPolicy with a format of urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified in the authentication request.
It’s metadata also has the same NameIDFormat. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Doesn’t Shib IdP 3.2 support the urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified name id format anymore? I see the following statement in the logs:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">“Ignoring NameIDFormat metadata that includes the 'unspecified' format”.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">When I don’t specify any nameIDFormatPrecedence in the relying party xml for the google apps sp, it defaults to the transient NameID generator, the output of which is not a valid id for Google Apps.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks<o:p></o:p></p>
<p class="MsoNormal">Nanda <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:#1F497D">====================================================================== <br>
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient and may contain originating company confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, immediately contact the sender by reply e-mail or notify the </span><a href="applewebdata://C7998FB1-8D0A-4CA3-B689-30E2F4A29B9A/postmaster@fisc.com"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:blue">postmaster@fisc.com</span></a><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:#1F497D"> and
destroy all copies.</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>