From 01563ff114ef632ca3570392f9fe8e6111b1145f Mon Sep 17 00:00:00 2001
From: Jens Dede
Date: Fri, 21 Nov 2025 00:37:59 +0100
Subject: [PATCH 1/2] Do not use deprecated NAMEID_EMAIL_ADDRESS as default

---
 app/Access/Saml2Service.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/Access/Saml2Service.php b/app/Access/Saml2Service.php
index 106a7a22906..9ba4470a2ac 100644
--- a/app/Access/Saml2Service.php
+++ b/app/Access/Saml2Service.php
@@ -65,8 +65,7 @@ public function logout(User $user): array
 [],
 $user->email,
 $sessionIndex,
- true,
- Constants::NAMEID_EMAIL_ADDRESS
+ true
 );
 $id = $toolKit->getLastRequestID();
 } catch (Error $error) {

From deae0b01081d11e39c17ecce5c20e55b03937b8a Mon Sep 17 00:00:00 2001
From: Jens Dede
Date: Sun, 23 Nov 2025 18:06:37 +0100
Subject: [PATCH 2/2] Do not use deprecated SAML:1.1 NameIDFormat as default

---
 app/Config/saml2.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Config/saml2.php b/app/Config/saml2.php
index 44d06c5b2e6..c5d1e52a89d 100644
--- a/app/Config/saml2.php
+++ b/app/Config/saml2.php
@@ -78,7 +78,7 @@
 // Specifies constraints on the name identifier to be used to
 // represent the requested subject.
 // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
- 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+ 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
 
 // Usually x509cert and privateKey of the SP are provided by files placed at
 // the certs folder. But we can also provide them with the following parameters
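Review bot: With the format argument dropped, the logout call still sends `$user->email` as the NameID value, but its format is now whatever the toolkit picks by default. If the toolkit falls back to the SP `NameIDFormat` setting (not visible in this hunk), an email address would be labelled with the configured format, which the second commit in this series sets to `persistent`; an IdP that cannot match that NameID to a session may reject the request, and the IdP session would then outlive the local logout. Sending back the NameID value and format received in the login assertion would be more robust; at minimum add a comment above the call such as `// NameID format is left to the toolkit/SP config; the value sent is the user's email`. The body of `logout()` starts and ends outside the hunk.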
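Review bot: The new `persistent` default on the `'NameIDFormat'` line is hard-coded, so every existing install requests a different NameID format after upgrading and can only keep the old value by editing this file. An IdP set up to release only `emailAddress` may answer with an InvalidNameIDPolicy status and logins would fail, so this deserves an upgrade note and ideally an override read from the environment (whether this file already reads settings that way is not visible in the hunk). It is also worth confirming that user matching does not rely on the NameID being an email address, since a persistent NameID is an opaque identifier. A comment on the line would help: `// Format requested from the IdP; the IdP must be configured to release it`.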