Thank you for your inputs. I have now corrected the nameID format of ImmutableID to be consistent between attribute-resolver.xml and saml-nameid.xml. I have set it to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
The revised files are now shared here:
As for adding custom attribute ImmutableID from oxTrust: If I do that, I see 2 contradicting definitions for ImmutableID in attribute-resolver.xml (it did not solve the InvalidNameIDPolicy error either). But, I do see Immutable ID listed as an option in the Trust Relationships GUI when I do that.
If I have to add ImmutableID in oxTrust GUI, should I delete the definition that I configured from the velocity template file?
When I added ImmutableID from the oxTrust GUI, I used these 2 values:
- SAML1 URI: urn:gluu:dir:attribute-def:ImmutableID
- SAML2 URI: urn:oid:18.104.22.168.4.1.48710.1.3.1002
Are they fine?
The reason I configured ImmutableID using manual configuration as opposed to using oxTrust GUI was [this link](https://support.gluu.org/identity-management/6472/invalid-nameidpolicy-error/). It says the problem exists for Gluu version 3.1.4, which I am using.