From fc70c359381b9440a00d9ce3b67db6f2c361b279 Mon Sep 17 00:00:00 2001
From: Nathanael DEMACON <quantumsheep@users.noreply.github.com>
Date: Wed, 3 Sep 2025 14:30:44 +0200
Subject: [PATCH 1/2] explicitly set unspecified name id format

Signed-off-by: Nathanael DEMACON <quantumsheep@users.noreply.github.com>
---
 service_provider.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/service_provider.go b/service_provider.go
index c97886d0..13278de0 100644
--- a/service_provider.go
+++ b/service_provider.go
@@ -1614,8 +1614,6 @@ func (sp *ServiceProvider) nameIDFormat() string {
 	case "":
 		// To maintain library back-compat, use "transient" if unset.
 		nameIDFormat = string(TransientNameIDFormat)
-	case UnspecifiedNameIDFormat:
-		// Spec defines an empty value as "unspecified" so don't set one.
 	default:
 		nameIDFormat = string(sp.AuthnNameIDFormat)
 	}

From e7f4926f3c433bec9ea2a3ab2f34c7297fe65375 Mon Sep 17 00:00:00 2001
From: Nathanael DEMACON <quantumsheep@users.noreply.github.com>
Date: Wed, 3 Sep 2025 14:35:29 +0200
Subject: [PATCH 2/2] update test

Signed-off-by: Nathanael DEMACON <quantumsheep@users.noreply.github.com>
---
 service_provider_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/service_provider_test.go b/service_provider_test.go
index 35103d6b..680568b3 100644
--- a/service_provider_test.go
+++ b/service_provider_test.go
@@ -95,7 +95,7 @@ func TestSPCanSetAuthenticationNameIDFormat(t *testing.T) {
 	s.AuthnNameIDFormat = UnspecifiedNameIDFormat
 	req, err = s.MakeAuthenticationRequest("", HTTPRedirectBinding, HTTPPostBinding)
 	assert.Check(t, err)
-	assert.Check(t, is.Equal("", *req.NameIDPolicy.Format))
+	assert.Check(t, is.Equal(string(UnspecifiedNameIDFormat), *req.NameIDPolicy.Format))
 
 	// explicitly set to "emailAddress"
 	s.AuthnNameIDFormat = EmailAddressNameIDFormat