You need to set up a NameID transformation to let Identify issue the correct NameId as required by the eHerkenning specification:
- If a response from the AD to Identify has a ActingSubjectId claim, use it for the subject element that is sent to the DV.
- Otherwise, use the EncryptedId element that is found in the Subject element of the received response from the AD.
In order to create that transformation rule, you can following the two steps below:
1. Create a NameID transformation rule:
2. Apply that rule to the SAML 2.0 Protocol connection of the DV: