Multiple NameIDFormat in IdP metadata

[Sgoettschkes]

We have the following part in an IdP metadata:

<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>

When initiating a login with this IdP, the SP sends the following value:

<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />

No nameid_format was set in the IdP configuration.

I wasn't able to fully verify this with the specification, so I am not sure what the correct way to handle this is, but I suspect that just concatenating all 4 values is not correct?

[rpylipow]

@Sgoettschkes I've run into recently as well. You may consider moving this issue over to https://github.com/dropbox/samly, as I believe that is the maintainer now.

[Sgoettschkes]

The Dropbox fork does not have issues enabled, so I figured they might look here.