Due to the NameId juggling taking place during the Input filtering. There MUST be a point in time when we set the correct outgoing NameId value and format. And that is done in the AddIdentityAttributes filter.
During the optimization I moved the 'were done here' return statement to a block that seemed to make more sense to me. But that caused the NameId from not being set even though it was resolved.
So I moved that block back to the position where it is supposed to be.
It is meant as a guard from injustly overwriting the eduPersonTargettedId. Not for preventing the setting of the correct NameId in the subject.
Due to the NameId juggling taking place during the Input filtering. There MUST be a point in time when we set the correct outgoing NameId value and format. And that is done in the AddIdentityAttributes filter.
During the optimization I moved the 'were done here' return statement to a block that seemed to make more sense to me. But that caused the NameId from not being set even though it was resolved.
So I moved that block back to the position where it is supposed to be.
It is meant as a guard from injustly overwriting the eduPersonTargettedId. Not for preventing the setting of the correct NameId in the subject.
Fixes: #1318