According to @yurem , it was decided to remove elements related to SAML1 nameid generation from /opt/shibboleth-idp/conf/saml-nameid.xml in 3.1.4. It turned out that by simply removing it from there the whole nameid generation process is sabotaged, inlcuding SAML2 nameids. Apparently, this bean element is referenced from other parts of configuration, which need to be modified in tandem with this file.

It may be better to restore this file to its original state until better solution is found. For this text provided below must be re-added to /opt/gluu/jetty/identity/conf/shibboleth3/idp/saml-nameid.xml.vm:

    <!-- SAML 1 NameIdentifier Generation -->
    <util:list id="shibboleth.SAML1NameIdentifierGenerators">

        <ref bean="shibboleth.SAML1TransientGenerator" />

        <!--
        <bean parent="shibboleth.SAML1AttributeSourcedGenerator"
            p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
            p:attributeSourceIds="#{ {'mail'} }" />
        -->

    </util:list>

Fixed in ac89669

@aliaksander-samuseu can you check the fix?