NameIDFormat question Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Greg HowleyGreg Howley 

NameIDFormat question

I am setting up a new app, working with the vendor.
After running through the SAML 2.0 template, my metadata looks like:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="">
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=""/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=""/>

Vendor says the NameID format is an issue, as it is calling SAML1.1 and they only support SAML2.0.  
Is this correct?  How do I reset this, as I specified 2.0 in the template setup. 
Greg HowleyGreg Howley
Here is the error the vendor is seeing:
IllegalArgumentException Identity provider does not support name identifier format urn:oasis:names:tc:SAML:2.0:nameid-format:transient

So I guess the question is what do I have to change to get the NameID in SAML 2.0?
Dylann FezeuDylann Fezeu (Customer First Programs)
Hello Greg,

Thanks for posting your inquiry in Okta Community Portal.

If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

Dylann Fezeu
Okta Help Center Team