Enable Disable-NameID-Persistence by default for the case that NameID is unspecified

Description

If the value of NameID is unspecified, the default behavior is the same as for persistent.

Search for sun-fm-saml2-nameid-info attribute in user data store
If the attribute is not found, it is necessary to create it or link it to an existing user
it is not possible to create the attribute or link it to an existing user unless allowCreate is included in the SAML request By enabling the "Disable NameID Persistence" parameter, the default behavior will differ from that of the persistent case.

Solution

Enable the following settings by default By enabling the default value of the "Disable NameID Persistence" parameter, the same behavior as in the persistent case can be avoided.

Federation -> [IdP's Entity Provider ID] -> Assertion Processing -> Account Mapper
・Disable NameID Persistence

Federation -> [SP's Entity Provider ID] -> Assertion Content ->NameID Format
・Disable NameID Persistence

openam-jp / openam

Enable Disable-NameID-Persistence by default for the case that NameID is unspecified #264

Description

Solution