More options for "direct" NameID consumption / subject comparison
Basics
Logistics
Basics
Logistics
Description
The support for direct consumption of NameIDs only does regex transforms and not upper/lower casing.
In addition the comparison done between a requested Subject name and the authenticated name is currently hardwired to be an equals. I suspect it should allow for a BiPredicate to be applied as a final catch-all.
Environment
None
Activity
Scott Cantor
December 23, 2020 at 12:47 AM
Add a hook for complete override of the decoder step, which is already an injection point into the bean that implemented the flows. Proxying was already its own bean too so it's possible to do that separately.
Scott Cantor
December 22, 2020 at 6:43 PM
Added properties for case folding, updating docs now. Should apply to both requests and proxied NameIDs.
The support for direct consumption of NameIDs only does regex transforms and not upper/lower casing.
In addition the comparison done between a requested Subject name and the authenticated name is currently hardwired to be an equals. I suspect it should allow for a BiPredicate to be applied as a final catch-all.