Error "nameID is marked non-null but is null" Or "NameID element must be present as part of the Subject in the Response message" Received When Using SSO with AD FS

Published: 10 Dec 2019
Last Modified Date: 08 Jul 2022


When using SSO with AD FS as the SAML IdP, the following error may occur: 

Error validating SAML message; caused by: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration


Exception processing SAML Response; caused by: nameID is marked non-null but is null


  • Tableau Cloud
  • Tableau Server
  • SAML
  • AD FS


Step One

Update the LDAP Claim Mapping to use Email Addresses for the Outgoing Claim Type: 
  1. Select Edit Rule for the Tableau Cloud policy Attributes
  2. Ensure Outgoing Claim Type is set to Email Addresses
Note: See the below screenshot. The LDAP Attributes may be different depending on your ADFS configuration. 
User-added image

Step Two

Create a Transform Claim Rule to change the Outgoing Claim Type to NameID: 
  1. Select Add Rule
  2. Select Transform an Incoming Claim
  3. Enter a name (Example: Email to Name ID). 
  4. For Incoming claim type, select Email Addresses
  5. For Outgoing claim type, select Name ID
  6. For Outgoing name ID format, select Email. 
  7. Make sure Pass through all claims is selected. 
  8. Select Finish.

Step Three

Configure Tableau Cloud to use NameID for the email attribute:
  1. Sign in to your Tableau Cloud site as a site administrator, and select Settings > Authentication.
  2. On the Authentication tab, under SAML, select Edit connection.
  3. In the Identity Provider (IdP) Assertion Name column, change the Email attribute to NameID.
  4. Click Apply.


AD FS was not configured to send the NameID in the Subject.
Did this article resolve the issue?