<nameIdPolicy> Element

This is an optional child element of the sustainsys.saml2 element.

This element controls the generation of the NameIDPolicy element in AuthnRequests. The element is only created if either allowCreate or format is set to a non-default value.


allowCreate (Optional)
Default value is empty, which means that the attribute is not included in generated AuthnRequests. Supported values are true or false.
format (Optional)

Sets the requested format of NameIDPolicy for generated AuthnRequests.

Supported values (see section 8.3 in the SAML2 Core specification for explanations of the values):

  • Unspecified
  • EmailAddress
  • X509SubjectName
  • WindowsDomainQualifiedName
  • KerberosPrincipalName
  • EntityIdentifier
  • Persistent
  • Transient

If no value is specified, no format is specified in the generated AuthnRequests. If Transient is specified, it is not permitted to specify allowCreate (see in the SAML2 Core spec).
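
The rules above can be checked before a configuration is deployed. The following is an added example, not code from Sustainsys.Saml2: a small Python linter that reads a config fragment and returns the NameIDPolicy attributes it asks for, or rejects it. The function name `preview_name_id_policy` and the sample configs are hypothetical. The format URIs are the section 8.3 identifiers from SAML2 Core, and treating an absent attribute as the default is an assumption.

```python
import xml.etree.ElementTree as ET

# Format URIs from SAML2 Core section 8.3, keyed by the config values listed above.
V11 = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
V20 = "urn:oasis:names:tc:SAML:2.0:nameid-format:"
FORMAT_URIS = {
    "Unspecified": V11 + "unspecified",
    "EmailAddress": V11 + "emailAddress",
    "X509SubjectName": V11 + "X509SubjectName",
    "WindowsDomainQualifiedName": V11 + "WindowsDomainQualifiedName",
    "KerberosPrincipalName": V20 + "kerberos",
    "EntityIdentifier": V20 + "entity",
    "Persistent": V20 + "persistent",
    "Transient": V20 + "transient",
}

def preview_name_id_policy(config_xml):
    """Return the NameIDPolicy attributes this config asks for, or None when
    the element would be left out. Raises ValueError on unsupported input."""
    root = ET.fromstring(config_xml)
    policy = root if root.tag == "nameIdPolicy" else root.find(".//nameIdPolicy")
    if policy is None:
        return None
    # Assumption: an absent or empty attribute is the default (not configured).
    allow_create = policy.get("allowCreate") or None
    fmt = policy.get("format") or None
    if allow_create not in (None, "true", "false"):
        raise ValueError(f"allowCreate must be true or false, got {allow_create!r}")
    if fmt is not None and fmt not in FORMAT_URIS:
        raise ValueError(f"unsupported format {fmt!r}")
    if fmt == "Transient" and allow_create is not None:
        raise ValueError("allowCreate is not permitted with format Transient")
    attrs = {}
    if fmt is not None:
        attrs["Format"] = FORMAT_URIS[fmt]
    if allow_create is not None:
        attrs["AllowCreate"] = allow_create
    return attrs or None

# Constructed sample configs (the entityId value is a placeholder).
PERSISTENT = ('<sustainsys.saml2 entityId="https://sp.example.com/Saml2">'
              '<nameIdPolicy allowCreate="true" format="Persistent"/></sustainsys.saml2>')
INVALID = '<nameIdPolicy allowCreate="false" format="Transient"/>'

if __name__ == "__main__":
    print(preview_name_id_policy(PERSISTENT))
    try:
        preview_name_id_policy(INVALID)
    except ValueError as err:
        print("rejected:", err)
```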