Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Options specific to the SAML 2.0 Single Logout profile:

Name

Type

Default

Description

qualifiedNameIDFormats

Collection<String>


See below

Guidance

The qualifiedNameIDFormats option was added to deal with an interoperability issue involving the matching of SAML <NameID> elements between the values issued by the IdP and values received in <LogoutRequest> messages. The two have to "match", and the IdP was imposing a strict rule that required all the various bits of a <NameID> to be equal, which is the conservative approach, but it relies on SPs not modifying the data they receive unnecessarily.

...