From 9cb633c9e2073a56e403023ce6a0443dcb1d234c Mon Sep 17 00:00:00 2001
From: DacongDA <dacongda1@sina.com>
Date: Wed, 27 Aug 2025 22:33:14 +0800
Subject: [PATCH] feat: use a more popular format for nameid to ensure
 compatibility in NewSamlResponse() (#4123)

---
 object/saml_idp.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/object/saml_idp.go b/object/saml_idp.go
index 6253b7f9..d5055e87 100644
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -71,7 +71,11 @@ func NewSamlResponse(application *Application, user *User, host string, certific
 		nameIDValue = user.Email
 	}
 	nameId := subject.CreateElement("saml:NameID")
-	nameId.CreateAttr("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
+	if application.UseEmailAsSamlNameId {
+		nameId.CreateAttr("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
+	} else {
+		nameId.CreateAttr("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
+	}
 	nameId.SetText(nameIDValue)
 	subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmation.CreateAttr("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer")