Currently, we use OpenAM version 13.0.0 as a service provider for SAML2 SSO.
How to configure the OpenAM SAML2 service provider to use the NameID format unspecified?
Edit: I faced the following issue:
ERROR: spAssertionConsumer.jsp: SSO failed. com.sun.identity.saml2.common.SAML2Exception: No local user being mapped. at com.sun.identity.saml2.profile.SPACSUtils.processResponse(SPACSUtils.java:1225)
Given you use spSSOInit.jsp to trigger SP-initiated SSO flow, you can specify the NameID format to be sent (NameIDPolicy element in SAML AuthNRequest) by using request parameter NameIDFormat. If it's supported by the SP and IdP, it will be used. If you do not specify this request parameter, OpenAM tries to find the first NameID format that is supported by both entities. If the IDP does not specify anything, the first NameID format of the hosted SP is used.
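To check which NameID format the SP actually sends, the following added example (not part of the original answer, and not OpenAM code) builds the spSSOInit.jsp URL with the NameIDFormat parameter and decodes an HTTP-Redirect binding AuthnRequest to read its NameIDPolicy Format. The host names, the metaAlias value `/sp` and the sample request are constructed assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def sp_init_url(base, meta_alias, idp_entity_id, nameid_format):
    """Build the spSSOInit.jsp URL carrying the NameIDFormat request parameter."""
    query = urlencode({"metaAlias": meta_alias, "idpEntityID": idp_entity_id,
                       "NameIDFormat": nameid_format})
    return f"{base}/saml2/jsp/spSSOInit.jsp?{query}"


def encode_redirect(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def nameid_policy_format(redirect_url):
    """Return the NameIDPolicy Format of a redirect-binding AuthnRequest, or None."""
    saml_request = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    xml_bytes = zlib.decompress(base64.b64decode(saml_request), wbits=-15)
    # Input here is your own SP's request captured from the browser redirect.
    root = ET.fromstring(xml_bytes)
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    return None if policy is None else policy.get("Format")


# Constructed sample: a minimal AuthnRequest as an SP might send it.
SAMPLE_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" Version="2.0" '
    'IssueInstant="2020-01-01T00:00:00Z">'
    f'<samlp:NameIDPolicy Format="{UNSPECIFIED}" AllowCreate="true"/>'
    '</samlp:AuthnRequest>'
)
SAMPLE_REDIRECT = "https://idp.example.com/sso?" + urlencode(
    {"SAMLRequest": encode_redirect(SAMPLE_REQUEST)})

if __name__ == "__main__":
    print(sp_init_url("https://sp.example.com/openam", "/sp",
                      "https://idp.example.com/idp", UNSPECIFIED))
    print(nameid_policy_format(SAMPLE_REDIRECT))
```

Paste the Location header of the real redirect to the IdP into `nameid_policy_format` to confirm the negotiated format matches what the IdP is configured to return.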