...
Subject Canonicalization (often abbreviated as "c14n") is the process by which the IdP turns a representation of a subject identity (usually that of a user) into a simple username to normalize the value. Over time this mechanism may be applied to a variety of different scenarios, but initially there are two cases:
- Normalizing the authenticated subject into a username (referred to as "post-login" canonicalization, see AuthenticationConfiguration)
- Mapping a SAML 1
<NameIdentifier>
or SAML 2<NameID>
element into a username (referred to as NameID consumption, see NameIDConsumptionConfiguration)
...