Question: is transient the default NameID format for CAS SAML2 support, or
> did I somehow override that?
>
A quick look suggests that it is the default. If an authentication request
does not ask any, and the metadata does not declare support for any, and if
you are not overriding the format
Update: well, here's yet another lesson that correlation does not equal
causation. :)
Here was the root cause:
[36m2020-02-04 23:15:43,941 DEBUG
[org.apereo.cas.support.saml.web.idp.profile.builders.nameid.SamlProfileSamlNameIdBuilder]
-
The reason I was thinking it was the adding of the Google
Thanks, Misagh! Responses below:
On Wed, Jan 29, 2020 at 2:23 AM Misagh Moayyed
wrote:
>
>> None of this would be a big deal if we hadn't run into a bizarre problem
>> that the encoded attribute being sent *CHANGED*.
>>
>
> It would be helpful to describe the steps you took to create/duplicate
>
>
>
> None of this would be a big deal if we hadn't run into a bizarre problem
> that the encoded attribute being sent *CHANGED*.
>
It would be helpful to describe the steps you took to create/duplicate this
scenario.
>
> So my two questions:
> 1) Is there any chance that the google apps ke