Yes, your assessment is correct (sorry for the huge delay with my response..)
> Gluu is always returning NameID in transient format and never in email or emailAddress format
You should be able to configure release of nameid of the required format from web UI ("SAML" > "Configure custom NameID" page) - have you tried that? [This doc](https://gluu.org/docs/gluu-server/4.1/admin-guide/saml/#configure-nameid-in-oxtrust) may help.
In 4.x you shouldn't need to modify the `saml-nameid.properties` at all, and you shouldn't need to modify `saml-nameid.xml` manually as well, the web UI control should do all the job. Please revert the changes you could have done there, and try the web UI approach first.
When you'll the required nameID in web UI, a corresponding new XML element should appear in `saml-nameid.xml` file (you can copy the original file prior to that, and run `diff` against two files, to make sure it happened). After that, pleaes share the current contents of this file with us, so we could confirm it worked as expected.
If it won't do, for some reason, we'll have to resort to template editing. In 4.x templates are not lying around unpacked as older docs may tell you. Instead, they are packed into a JAR inside `idp.war`, so will require some extra steps to deploy. But hopefully it won't be needed.
We really need to revisit that doc, I don't think it properly describes procedure for current version, sorry about that.