Supported NameID formats in SAML response subject
Answer ID 10917   |   Last Review Date 05/27/2021

What are the supported NameID formats in the Subject of a SAML response for Single Sign On (SSO)?

Environment:  

Single Sign-On (SSO)/SAML

Resolution:

When setting up Single Sign-On with your Identity Provider (IdP), the NameID included in the Subject of the SAML response from your IdP must use one of the following formats:

Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

Below is an example Subject with a supported NameID format:

<saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">mylogin</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2019-05-29T16:51:11Z" Recipient="https://mysite-custhelp.com/cgi-bin/mysite.cfg/php/sso/saml2/sp/post/acs.php"/>
    </saml:SubjectConfirmation>
</saml:Subject>

If your NameID format is not one of the formats supported by Oracle Service Cloud, your SSO authentication can fail and the following error is displayed: "Single Sign-On is not configured correctly. Please contact your system administrator."

You will need to work with your identity provider to ensure they are setting the appropriate supported NameID format in the subject of the SAML response.
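
When troubleshooting with the IdP, it helps to confirm what the response actually carries. The following is an added example, not Oracle code: it reads a decoded SAML response and reports whether each Subject NameID uses one of the two formats listed above. The function name and the sample responses are constructed for illustration, and the check inspects the format only; it does not validate signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The two NameID formats this page lists as supported.
SUPPORTED_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}

def check_nameid(xml_text):
    """Return a list of (supported, format, value), one per Subject NameID.

    An empty list means no plaintext NameID was found, for example when
    the IdP encrypts the assertion or the NameID.
    """
    # SAML messages never need a DTD; refuse one so a captured response
    # cannot trigger entity expansion in the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in SAML message")
    root = ET.fromstring(xml_text)
    results = []
    for name_id in root.iterfind(".//saml:Subject/saml:NameID", SAML_NS):
        fmt = name_id.get("Format")  # None when the IdP omits the attribute
        value = (name_id.text or "").strip()
        # Assumption: a missing Format is reported as unsupported, because
        # the page does not say how an omitted attribute is handled.
        results.append((fmt in SUPPORTED_FORMATS, fmt, value))
    return results

def sample_response(format_attr):
    """Build a constructed, unsigned response for demonstration only."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f"<saml:NameID{format_attr}>mylogin</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )

UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

if __name__ == "__main__":
    for attr in (f' Format="{UNSPECIFIED}"', f' Format="{PERSISTENT}"', ""):
        for ok, fmt, value in check_nameid(sample_response(attr)):
            print("OK  " if ok else "FAIL", fmt, value)
```
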