On 5 Dec 2012, at 12:37, Alistair Young <[log in to unmask]> wrote: > so why would they be expecting attributes > associated with SAML2 profiles? They're not. Although the NameID is a SAML 2 construct, that *encoding* of targeted ID is a SAML 1 *encoding* for use with SAML 1 profiles. See the MACE-Dir attribute profile specification, section 2.3.2.1.1 for more explanation than most people would want. -- Ian