I also agree with Michael - as of now, description of your setup is too ambiguous. It's not perfeclty clear what part of the issue constitute Passpport-SAML, and what part is contributed by Shibboleth IDP.
1. Please provide a diagram showing all involved entities/machines and interconnections between them. Use real hostnames/ip addresses in it as we'll need to correlated them with the HAR file metnioned below
2. Please share a HAR file with a capture of your failing flow. You can use steps listed [here](https://www.inflectra.com/support/knowledgebase/kb254.aspx) - please use Firefox for that task, Chrome's HARs are flawed. Also don't forget to set "Persist log" and "Disable cache" checkboxes in the console to save everything, not just the recently loaded page
3. Which of the mentioned applications does display this error you mentioned - "Requestor error, Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>"? Where does this error come from? An error page in browser, or some log? Please provide as much related log entries and screenshots as possible, so we could understand what's going on