I floated this one over in the NMAS forum but got no response yet.

We have an issue with SSO using the SAML Method. We have users with
periods in the CN. No getting around that, user IDs have been that way
for a long time. This generally causes no problem, except one we found
with the SAML SSO. When a user logs in to UA from the web, no problem.
When we send over a SAML assertion, no workee...

When we look at the eDir trace, we can see the LDAP search for the
user, and that works fine, the period does not cause a problem. But
when the SAML method then tries to log them in, it never escapes the
period, so the DN does not come out properly. We tried to escape the
period before making the assertion, no good, LDAP did not like it. We
know it is the period because if we send the same user, renamed using an
underscore, it works fine.
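
Added example, not part of the original post and not NMAS or SAML method code: a Python sketch of the escaping step the post says is missing, converting an LDAP comma-delimited DN into eDirectory dot-delimited form with periods inside a naming value backslash-escaped. It assumes the failure sits in that conversion; the function names and sample DNs are constructed for illustration.

```python
import re

# Assumption of this example: these characters are delimiters in eDirectory
# dot-delimited names and must be backslash-escaped inside a naming value.
NDS_SPECIALS = ".=+\\"


def split_ldap_dn(dn):
    """Split an LDAP DN on unescaped commas, keeping escape pairs intact."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # an escaped comma must not split the RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf).lstrip())
    return rdns


def ldap_unescape(value):
    """Undo LDAP DN escaping in one pass (\\XX hex pairs, ASCII only, or \\c)."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)


def nds_escape(value):
    """Escape the dot-form delimiters so 'john.smith' stays one component."""
    return "".join("\\" + c if c in NDS_SPECIALS else c for c in value)


def ldap_dn_to_nds(dn):
    """Convert single-valued RDNs; multi-valued RDNs (a+b) are out of scope."""
    parts = []
    for rdn in split_ldap_dn(dn):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip() + "=" + nds_escape(ldap_unescape(value)))
    return ".".join(parts)


if __name__ == "__main__":
    # Constructed sample DN; a plain comma-to-period swap would yield four components.
    print(ldap_dn_to_nds("cn=john.smith,ou=users,o=example"))
```

Comparing the printed value with the DN shown in the eDir trace at the point where the SAML method attempts the login would confirm whether the unescaped period is what splits the CN.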

