When running Federation Services as the IdP, the request received from the SP side fails with the following message in the assertion:
The NameIDPolicy format agreement between SP and IdP is not met!
FWSTrace.log
[11/18/2019][17:37:33][51396][140057613305600][][SSO.java][processAssertionGeneration][resource is:/SAMLRequest=<value>&RelayState=https%3A%2F%2Fsp.example.com%2Fsso%2F&SSOUrl=https%3A%2F%2Fidp.example.net%2Fidp
<Response ID="<responseid>" InResponseTo="<inresponseto>" IssueInstant="2019-11-18T17:37:34Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"><idpname></ns1:Issuer><Status><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/></StatusCode><StatusMessage>The NameIDPolicy format agreement between SP and IdP is not met!</StatusMessage></Status></Response>
In the Policy Server code that processes the SAML 2.0 assertion, the expected NameID format is:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
and not
urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
because the code follows the SAML 2.0 protocol standard (1)(2).
To solve this issue, ask the partner to send the assertion with the NameID format URI expected by the OASIS standard:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
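As an added example (not part of this article and not the Policy Server's own code), the check below parses an SP AuthnRequest, reads NameIDPolicy/@Format and classifies it against the NameID Format URIs that SAML 2.0 Core defines, reporting the same InvalidNameIDPolicy status seen in the trace; the AuthnRequest samples are constructed and the hint strings are my own.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# NameID Format URIs defined in SAML 2.0 Core, section 8.3. emailAddress,
# unspecified, X509SubjectName and WindowsDomainQualifiedName keep their
# SAML 1.1 URIs; there is no urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress.
SAML2_NAMEID_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}

def check_nameid_policy(authn_request_xml, idp_supported):
    """Classify the SP's NameIDPolicy/@Format the way the IdP in the trace
    above did. Returns a dict with status 'ok' or 'InvalidNameIDPolicy'
    (the second-level StatusCode seen in the trace) and a diagnostic hint."""
    root = ET.fromstring(authn_request_xml)
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    fmt = policy.get("Format") if policy is not None else None
    if fmt is None or fmt in idp_supported:
        return {"status": "ok", "format": fmt, "hint": ""}
    if ":SAML:2.0:" in fmt and fmt.endswith(":emailAddress"):
        hint = ("non-standard URI; SAML 2.0 defines "
                "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
    elif fmt in SAML2_NAMEID_FORMATS:
        hint = "standard format, but not enabled for this partnership on the IdP"
    else:
        hint = "format is not one defined by SAML 2.0 Core section 8.3"
    return {"status": "InvalidNameIDPolicy", "format": fmt, "hint": hint}

# Constructed sample AuthnRequest carrying the wrong URI behind the trace above.
BAD_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_c1" '
    'Version="2.0" IssueInstant="2019-11-18T17:37:33Z">'
    '<saml:Issuer>https://sp.example.com/sso/</saml:Issuer>'
    '<samlp:NameIDPolicy AllowCreate="true" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"/>'
    '</samlp:AuthnRequest>'
)
# The same request with the URI the OASIS standard (and the Policy Server) expects.
GOOD_REQUEST = BAD_REQUEST.replace("SAML:2.0:nameid-format:emailAddress",
                                   "SAML:1.1:nameid-format:emailAddress")
```

Running the check on a captured AuthnRequest (the SAMLRequest parameter, base64-decoded and inflated if it came over the Redirect binding) tells you whether the partner's format is wrong or merely not enabled on the IdP side.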