feat: use a more popular format for nameid to ensure compatibility in NewSamlResponse() (#4123)

2025-09-07 11:00:28 +08:00 · 2025-08-27 22:33:14 +08:00
parent d0d059d42f
commit 9cb633c9e2
1 changed files with 5 additions and 1 deletions
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -71,7 +71,11 @@ func NewSamlResponse(application *Application, user *User, host string, certific
 		nameIDValue = user.Email
 	}
 	nameId := subject.CreateElement("saml:NameID")
-	nameId.CreateAttr("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
+	if application.UseEmailAsSamlNameId {
+		nameId.CreateAttr("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
+	} else {
+		nameId.CreateAttr("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
+	}
 	nameId.SetText(nameIDValue)
 	subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmation.CreateAttr("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer")