Migue, the eduPerson specification mandates that the eduPersonTargetedID attribute contains a SAML2 NameID element.
This means the there shouldn't even be a configuration option to tell whether to use a NameID or not, as anything other than a NameID is incorrect and not an eduPersonTargetedID. I get that it is useful like that, but the trend is to deprecate eduPersonTargetedID anyway in favor of the NameID in the Subject element of the Assertion, and plain values there are just breaking the standard.
Migue, the eduPerson specification mandates that the eduPersonTargetedID attribute contains a SAML2
NameIDelement.This means the there shouldn't even be a configuration option to tell whether to use a
NameIDor not, as anything other than aNameIDis incorrect and not an eduPersonTargetedID. I get that it is useful like that, but the trend is to deprecate eduPersonTargetedID anyway in favor of theNameIDin theSubjectelement of theAssertion, and plain values there are just breaking the standard.