Join GitHub today
NameIDFormat as array (#91) #931
This patch allows for the NameIDFormat in SSP's metadata format to be either an array or a string, thus facilitating the generation of multiple elements in XML metadata. This, in turn, allows IdPs to advertise support for zero or more NameIDFormats, in line with SAML2Meta.
In issue #91, @id812510 requested that NameIDFormat become an array. We encountered the same issue when initially setting up our federation hub in that we wanted the generated metadata to include both a transient and a persistent NameIDFormat, since the hub has authproc filters for both.
I developed a patch for this in 2016, but at the time I was not confident enough in my understanding of SSP's internals to convert that into a pull request. I instead left the branch in my own fork and referenced the issue. However, we've been running this patch in production for well over a year over several version changes of SSP and we've fixed the only bug we ever encountered.
Realising this might still be an issue for other people, I'm now converting that into a pull request :)