By: Thomas Maerz user 18 Feb 2016 at 11:20 a.m. CST

4 Responses
I need to map some source attributes to different fields as per the requirements of an SP (Wrike) that I am trying to integrate with. The SP requirements are: firstName; lastName; NameID:

- User First Name attribute should be sent as firstName
- Last Name as lastName
- the subject (Name ID) should be the Email address

From my LDAP, I am syncing attributes mail, sn, and givenName with cache refresh successfully. However, when I try to add Source attribute to destination attribute mappings on the cache refresh page, those attributes don't seem to be showing up when I look at the manage people page or when I connect to the Gluu LDAP server. I also don't see them in the list of attributes to release to the SP from the IdP in the SAML Trust Relationship. Am I doing something wrong? I have the following Source attribute to destination attribute mappings defined:

- samaccountname --> uid
- mail --> NameID
- givenName --> firstName
- sn --> lastName

By Mohib Zico Account Admin 21 Feb 2016 at 11:19 a.m. CST

>> mail --> NameID

You can't create a nameID and map it this way. Check out the Shibboleth wiki on how to create a NameID.

>> However, when I try to add Source attribute to destination attribute mappings on the cache refresh page, those attributes don't seem to be showing up

I can see them in the attributes list. Please check out the attached screenshot.

By Thomas Maerz user 25 Feb 2016 at 11:06 a.m. CST

Reading the documentation for generating a nameID, I am supposed to edit the file saml-nameid.xml in shibboleth2/idp folder, but I cannot find any saml-nameid.xml on the gluu server itself or within service gluu-server24 login. Do I need to create the file? Should it be within the chroot environment or not? Also, the SP is requesting a nameID, but does not specify transientID or persistentID, and when I look at attributes I can release in the GUI, I see transientID and persistentID, but not nameID. Will transientID and persistentID return as nameID to the SP?

By Mohib Zico Account Admin 26 Feb 2016 at 7:30 a.m. CST

>> Reading the documentation for generating a nameID, I am supposed to edit the file saml-nameid.xml in shibboleth2/idp folder, but I cannot find any saml-nameid.xml on the gluu server itself or within service gluu-server24 login.

'saml-nameid.xml'?! There is no file with this name in Gluu Server. You need to add the nameID in the 'attribute-resolver.xml' file. As Gluu Server loads its configuration files from Velocity templates, you need to add this nameID definition to the Velocity template first (location: /opt/tomcat/conf/shibboleth/idp/). After adding the configuration to the VM template, restart tomcat; your new configuration will appear in the main configuration files inside /opt/idp/conf/.

We don't have any public doc on how to create a NameID, but Shibboleth has a pretty nice [doc](https://wiki.shibboleth.net/confluence/display/SHIB2/IdPNameIdentifier) and it's almost the same in Gluu Server as well.

By Thomas Maerz user 07 Apr 2016 at 12:03 a.m. CDT

I have been extremely busy with other projects but I got a chance to swing back around to this tonight. I found the template files you're referencing and I followed the custom name identifier documentation here: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPCustomNameIdentifier since my SP is requesting specifically that the attribute email be released as NameID. Does this look correct?

attribute-resolver.xml.vm:

    <resolver:AttributeDefinition id="customId" xsi:type="Simple" sourceAttributeID="email"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:Dependency ref="DEFINITION_ID_1" />
        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
            xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
        <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
            xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
    </resolver:AttributeDefinition>

attribute-filter.xml.vm:

    <AttributeFilterPolicy id="releaseCustomIdToPartner">
        <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="www.wrike.com" />
        <AttributeRule attributeID="customId">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>

After I do this, should I see this customId released to the SP in the trust section of the GUI? I am not seeing it there.
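The two snippets above only work together if the pieces agree: every `<resolver:Dependency ref>` must name a DataConnector or AttributeDefinition that actually exists in attribute-resolver.xml, the encoder's nameFormat must be a real SAML NameID format URI, and attribute-filter.xml must permit the definition's id to the requester. A mismatch in any of them produces no error in the GUI, just a NameID that never arrives at the SP. The following checker is an added example, not code from this thread, from Gluu or from the Shibboleth project. It parses the two files (the generated copies under /opt/idp/conf/ mentioned earlier, or rendered templates) and lists the mismatches. The sample documents are constructed to mirror the thread's snippets; the DataConnector id `siteLDAP`, the LDAP attribute `mail` and the SP entityID are assumptions, and the first sample deliberately keeps the Shibboleth wiki's `DEFINITION_ID_1` placeholder to show what the check reports.

```python
"""Lint a Shibboleth IdP v2 NameID definition against its release policy.

Added example (not from the Gluu thread or the Shibboleth project): it parses
attribute-resolver.xml and attribute-filter.xml and reports the mismatches
that make a NameID silently never reach the SP.
"""
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
NAMEID_ENCODERS = {"SAML1StringNameIdentifier", "SAML2StringNameID"}
# NameID format URIs defined in SAML 1.1 and SAML 2.0 Core.
_SAML11 = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
_SAML20 = "urn:oasis:names:tc:SAML:2.0:nameid-format:"
KNOWN_NAMEID_FORMATS = (
    {_SAML11 + f for f in ("unspecified", "emailAddress", "X509SubjectName",
                           "WindowsDomainQualifiedName")}
    | {_SAML20 + f for f in ("kerberos", "entity", "persistent", "transient")})


def local(tag):
    """Strip the {namespace} that ElementTree prepends to qualified names."""
    return tag.rsplit("}", 1)[-1]


def xsi_type(el):
    """Local part of xsi:type, so 'Simple' and 'ad:Simple' compare equal."""
    return (el.get(XSI_TYPE) or "").rsplit(":", 1)[-1]


def nameid_definitions(resolver_xml):
    """Yield (definition, its NameID encoders, all plugin ids in the resolver)."""
    root = ET.fromstring(resolver_xml)
    plugin_ids = {el.get("id") for el in root.iter()
                  if local(el.tag) in ("DataConnector", "AttributeDefinition")}
    for el in root.iter():
        if local(el.tag) == "AttributeDefinition":
            encoders = [c for c in el if local(c.tag) == "AttributeEncoder"
                        and xsi_type(c) in NAMEID_ENCODERS]
            if encoders:
                yield el, encoders, plugin_ids


def released_attribute_ids(filter_xml):
    """Map attributeID -> requester values of the policies that permit it."""
    root = ET.fromstring(filter_xml)
    released = {}
    for policy in root.iter():
        if local(policy.tag) != "AttributeFilterPolicy":
            continue
        requesters = [r.get("value") for r in policy.iter()
                      if local(r.tag) == "PolicyRequirementRule"]
        for rule in policy:
            if local(rule.tag) == "AttributeRule" and any(
                    local(c.tag) == "PermitValueRule" for c in rule):
                released.setdefault(rule.get("attributeID"), []).extend(requesters)
    return released


def check_nameid_config(resolver_xml, filter_xml):
    """Return a list of findings; an empty list means the two files agree."""
    findings, released, seen = [], released_attribute_ids(filter_xml), False
    for definition, encoders, plugin_ids in nameid_definitions(resolver_xml):
        seen, def_id = True, definition.get("id")
        for dep in definition:  # every dependency must point at a real plugin id
            if local(dep.tag) == "Dependency" and dep.get("ref") not in plugin_ids:
                findings.append(f"{def_id}: Dependency ref '{dep.get('ref')}' "
                                "matches no DataConnector or AttributeDefinition id")
        if xsi_type(definition) == "Simple" and not definition.get("sourceAttributeID"):
            findings.append(f"{def_id}: Simple definition lacks sourceAttributeID")
        for enc in encoders:
            if enc.get("nameFormat") not in KNOWN_NAMEID_FORMATS:
                findings.append(f"{def_id}: unknown nameFormat '{enc.get('nameFormat')}'")
        if def_id not in released:  # defined but never released is the silent failure
            findings.append(f"{def_id}: no AttributeFilterPolicy permits its release")
    if not seen:
        findings.append("no AttributeDefinition carries a NameID encoder")
    return findings


# Constructed samples in the shape of the thread's snippets. The DataConnector id
# "siteLDAP", the attribute "mail" and the SP entityID are assumptions, not Gluu's values.
RESOLVER_TEMPLATE = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc">
  <resolver:DataConnector id="siteLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="ldaps://ldap.example.invalid" baseDN="ou=people,o=gluu" />
  <resolver:AttributeDefinition id="customId" xsi:type="Simple"
      sourceAttributeID="mail" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
    <resolver:Dependency ref="@REF@" />
    <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
        xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>"""
RESOLVER_AS_POSTED = RESOLVER_TEMPLATE.replace("@REF@", "DEFINITION_ID_1")  # wiki placeholder kept
RESOLVER_FIXED = RESOLVER_TEMPLATE.replace("@REF@", "siteLDAP")
FILTER_XML = """<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp" xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseCustomIdToPartner">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://sp.example.invalid/saml/metadata" />
    <AttributeRule attributeID="customId">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

if __name__ == "__main__":
    for name, xml in (("as posted", RESOLVER_AS_POSTED), ("fixed", RESOLVER_FIXED)):
        print(name, check_nameid_config(xml, FILTER_XML) or ["OK"])
```

Run it against the rendered files rather than the .vm templates when possible, since Velocity variables in the templates are not valid XML until rendered. The matching is done on local element names and the local part of xsi:type, so it accepts both the prefixed (`ad:Simple`) and default-namespace (`xsi:type="Simple"` with `xmlns="...resolver:ad"`) styles that the Shibboleth wiki and the snippet above use.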