>> attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',
See... 'emailAddress' is not 'unspecified' type. There are basically three types of popular nameIDs there: (1) emailAddress type (2) persistent type (3) unspecified type.
'unspecified' type nameID is deprecated from Shibboleth v3 code; so we did same for our Gluu Server v3.
'InvalidNameIDPolicy' means ... IDP can't produce nameID which is 'specified' in SP's metadata.
Generally, when such error comes: we do two things:
- Try to configure nameID properly in Gluu Server.
- Try to remove 'unspecified' type nameID in SP's metadata and put either 'emailAddress' type or 'persistentID' type nameID format there in that metadata.