I have tried the implementing SSO document and I keep getting errors regarding the NameID (unable to do sso or federation, unable to generate NameID). I searched the web and came across references that the NameID format and value needed to be set up correctly. I also used Wireshark to check the traffic between the two services and came across this:
Note: Prior to 7.4 the nameid-format was just transient. As of 7.4 and newer it's the above two formats.
The import of the metadata from PRPC worked fine but at runtime OpenAM threw an exception that it couldn’t find the NameIDFormat “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”. I had to switch it at the IDP level, after metadata import, to use the old “urn:oasis:names:tc:SAML:2.0:nameid-format:transient” format to resolve the issue.
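
The mismatch described in this post can be caught before runtime by comparing the NameIDFormat values declared in the SP metadata with the formats the IdP is set up to issue. The Python below is an added example, not part of the original post and not PRPC or OpenAM code; the sample metadata, the `example.invalid` URLs and the function names are constructed for illustration, and the IdP's supported formats are passed in as an assumed set.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed SP metadata sample (not captured from PRPC); URLs are placeholders.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.invalid/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_nameid_formats(metadata_xml):
    """Return the NameIDFormat URIs an SP declares, in document order."""
    # Metadata here is a trusted inline sample; parse untrusted XML with a hardened parser.
    root = ET.fromstring(metadata_xml)
    found = root.findall(".//md:SPSSODescriptor/md:NameIDFormat", MD_NS)
    return [el.text.strip() for el in found if el.text and el.text.strip()]


def check_nameid_formats(metadata_xml, idp_supported):
    """Split the SP's declared formats into those the IdP can and cannot issue."""
    declared = sp_nameid_formats(metadata_xml)
    usable = [f for f in declared if f in idp_supported]
    unsupported = [f for f in declared if f not in idp_supported]
    # ok is False when the SP names formats and the IdP can issue none of them.
    return {"declared": declared, "usable": usable, "unsupported": unsupported,
            "ok": bool(usable) or not declared}


if __name__ == "__main__":
    # Assumption: the IdP is configured for the transient format only.
    result = check_nameid_formats(SAMPLE_SP_METADATA, {TRANSIENT})
    for fmt in result["unsupported"]:
        print("IdP cannot issue NameIDFormat declared by SP:", fmt)
    print("federation usable:", result["ok"])
```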