Options specific to the SAML 2.0 Single Logout profile:
Name | Type | Default | Description |
---|---|---|---|
qualifiedNameIDFormats | Collection<String> | See below |
Guidance
The qualifiedNameIDFormats
option was added to deal with an interoperability issue involving the matching of SAML <NameID>
elements between the values issued by the IdP and values received in <LogoutRequest>
messages. The two have to "match", and the IdP was imposing a strict rule that required all the various bits of a <NameID>
to be equal, which is the conservative approach, but it relies on SPs not modifying the data they receive unnecessarily.
...