NameID Format
This page describes specifications of the NameID format for the IIJ ID Service.
NameID format
When federation is performed with SAML, the SAML response, including the user identifier (NameID) of the IIJ ID user, is sent to SAML SP because authentication for the IIJ ID Service has been performed successfully.
SAML SP may determine which user has been authenticated based on the value of the user identifier.
[ Reference ]
Regarding the SAML custom application, it is also possible to specify an arbitrary user attribute for the user identifier.Refer to "Adding SAML Applications (User Identifier (NameID) Specification)" for more information.
Specifications of the NameID format
NameID format | Description | Comments |
---|---|---|
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | One of the user attributes shown below is selected as the user identifier.Only attributes to which a value has been set can be selected. If there are multiple attributes, the highest-level one will be selected. 1. "Application-linking ID" | This NameID format is used for Microsoft 365 applications. |
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | The user ID is selected as the user identifier. | |
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | The user ID is selected as the user identifier. |