By: Noelle Keller user 11 Sep 2015 at 11:26 a.m. CDT

2 Responses
A SAML service provider needs a NameID element present in the SAML assertion in order for them to accept it. The NameID can be really any format, but urn:oasis:names:tc:SAML:2.0:nameid-format:persistent is what is the default in this situation. The IDP log error is pasted below.

ernet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
16:23:09.627 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:483] - Attempting to select name identifier attribute for relying party 'https://www.securitymentor.com/simplesaml/module.php/saml/sp/metadata.php/wyotest-sp' that requires format 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
16:23:09.627 - WARN [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:491] - No attribute of principal 'noelle.keller@wyo.gov' can be encoded in to a NameIdentifier of required format 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' for relying party 'https://www.securitymentor.com/simplesaml/module.php/saml/sp/metadata.php/wyotest-sp'
16:23:09.627 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:796] - Encoding response to SAML request _aea41004609e8e6e1cca6c79cd585942668bbac1ec from relying party https://www.securitymentor.com/simplesaml/module.php/saml/sp/metadata.php/wyotest-sp
16:23:09.666 - DEBUG [PROTOCOL_MESSAGE:74] - <?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://www.securitymentor.com/simplesaml/module.php/saml/sp/saml2-acs.php/wyotest-sp" ID="_2920764e9fb4e5baac79708a9c577e91" InResponseTo="_aea41004609e8e6e1cca6c79cd585942668bbac1ec" IssueInstant="2015-09-11T16:23:09.627Z" Version="2.0"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://ltgluusaml.cloudapp.net/idp/shibboleth</saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_2920764e9fb4e5baac79708a9c577e91"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>z+zOYigdQBF7msXJB0DFMqw37qw=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>[base64 signature omitted]</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>[base64 certificate omitted]</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2p:Status> <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"> <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/> </saml2p:StatusCode> <saml2p:StatusMessage>Required NameID format not supported</saml2p:StatusMessage> </saml2p:Status> </saml2p:Response>
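Decoding the nested Status the IdP logged above from the SP side, and checking whether an issued NameID actually meets the requested NameIDPolicy, as an added example that is not code from the thread, Gluu or Shibboleth; it uses stdlib ElementTree and two constructed, unsigned responses, one mirroring the InvalidNameIDPolicy status shown and one carrying a transient NameID.

```python
# Added example (not the thread's code): decode the SAML 2.0 Response status
# the IdP logged above and check whether an issued NameID meets the SP's policy.
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def inspect_response(xml_text):
    """Return top-level/nested StatusCode, StatusMessage and NameID Format.
    A real SP must parse untrusted XML with defusedxml and verify the
    ds:Signature before trusting anything; stdlib ET is used here for brevity."""
    root = ET.fromstring(xml_text)
    status = root.find("saml2p:Status", NS)
    top = status.find("saml2p:StatusCode", NS)
    nested = top.find("saml2p:StatusCode", NS)      # second-level code, if any
    msg = status.find("saml2p:StatusMessage", NS)
    nid = root.find("saml2:Assertion/saml2:Subject/saml2:NameID", NS)
    return {"status": top.get("Value"),
            "sub_status": None if nested is None else nested.get("Value"),
            "message": None if msg is None else msg.text,
            "nameid_format": None if nid is None else nid.get("Format")}

def nameid_satisfies(xml_text, required_format):
    """True only if Status is Success and the NameID Format matches the SP's NameIDPolicy."""
    info = inspect_response(xml_text)
    return info["status"] == SUCCESS and info["nameid_format"] == required_format

# Constructed failure response: the Status block from the IdP log in the thread.
FAILED = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 ID="_r1" Version="2.0" IssueInstant="2015-09-11T16:23:09.627Z"><saml2p:Status>
 <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
  <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
 </saml2p:StatusCode>
 <saml2p:StatusMessage>Required NameID format not supported</saml2p:StatusMessage>
</saml2p:Status></saml2p:Response>"""

# Constructed success response once a transient NameID can be issued (signature omitted).
OK = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0"
 IssueInstant="2015-09-11T16:30:00.000Z"><saml2p:Status>
 <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
 <saml2:Assertion ID="_a1" Version="2.0" IssueInstant="2015-09-11T16:30:00.000Z">
  <saml2:Issuer>https://idp.example.invalid/idp/shibboleth</saml2:Issuer>
  <saml2:Subject>
   <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_t9f3c</saml2:NameID>
  </saml2:Subject>
 </saml2:Assertion></saml2p:Response>"""
```

The nested StatusCode is the part worth surfacing in SP-side logs: the top-level Responder code only says the IdP refused, while InvalidNameIDPolicy pinpoints the NameIDPolicy mismatch.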

By Aliaksandr Samuseu staff 11 Sep 2015 at 11:42 a.m. CDT

Hi, Noelle.

> The NameID can be really any format..

If it is really so, then you can try to add the "TransientID" attribute from the "gluuPerson" list to the list of released attributes within the TR, and see whether it will help.

By Noelle Keller user 11 Sep 2015 at 12:26 p.m. CDT

Adding the transientID worked to authenticate with the RP, thanks!