Admit defeat and support "unspecified" NameFormat without special config
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
Shibboleth is the only implementation that is encouraging proper use of the NameFormat attribute, and it's causing extra work for deployers when dealing with IdPs using the "unspecified" constant or leaving it out.
We can support this without breaking anything by doing a first pass treating extraction rules with no nameFormat as equivalent to "URI" but then adding a second pass that treats no nameFormat as "unspecified". That means existing rules with "unspecified" spelled out will work the same way, but new deploys against ADFS and similar IdPs should "just work".
Shibboleth is the only implementation that is encouraging proper use of the NameFormat attribute, and it's causing extra work for deployers when dealing with IdPs using the "unspecified" constant or leaving it out.
We can support this without breaking anything by doing a first pass treating extraction rules with no nameFormat as equivalent to "URI" but then adding a second pass that treats no nameFormat as "unspecified". That means existing rules with "unspecified" spelled out will work the same way, but new deploys against ADFS and similar IdPs should "just work".