I'd expect to receive something like this in the SAML response: ``` <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://idp.example.org/idp/shibboleth" SPNameQualifier="https://sp.example.org/plugins/servlet/samlsso" >123456789</saml2:NameID> ``` But after enabling the Custom NameIDs as documented, restarting services and waiting, they still keep displaying as: ``` <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://idp.example.org/idp/shibboleth" SPNameQualifier="https://sp.example.org/plugins/servlet/samlsso" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >AAdzZWNyZXQxJPQjfpj8GnzN7YwJEPS3iU9YMM8YwGJjF8bo...F5EgQ53lI0Ct31uks3SRmP61MzaIlIGSLP </saml2:NameID> ``` The same happens for other attributes as well, no matter it's persistent, transient or emailaddress. Also, despite having the attribute UID and set it to both the NameID and the SAML attributes, it's not showing in either. Browsing through the users I can see it clearly synchronized (came from Cache Refresh). The attribute mapping is too verbose, can't we simplify it (though configuration) from: ``` <saml2:Attribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml2:AttributeValue>Guilherme Capilé</saml2:AttributeValue> </saml2:Attribute> ``` To: ``` <saml2:Attribute Name="displayName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml2:AttributeValue>Guilherme Capilé</saml2:AttributeValue> </saml2:Attribute> ``` Then reason is that for some services we have to configure all the attributes as "urn:oid:2.16.840.1.113730.3.1.241"... Another question: is there a way to import/export only the RDN attribute from the memberof (or similar attribute, imported from LDAP, that is, only "admin" and not "cn=admin,ou=groups,dc=example,dc=com"? Thanks in advance, Guilherme Capilé