File(s): conf/c14n/subject-c14n.xml, conf/c14n/subject-c14n.properties (V4.1+)
Format: Native Spring, Properties (V4.1+)
Table of Contents |
---|
Overview
The c14n/SAML2ProxyTransform post-login subject c14n flow does an extraction of a NameIDPrincipal from the Java Subject and returns the value as the canonical principal name for the subject. It also supports a small set of optional transforms (and as of V4.1+ case folding) to apply to the name.
...
This flow will succeed if and only if the input Java Subject contains exactly one NameIDPrincipal in its Principal Principal collection.
General Configuration
...
The most important bean is shibboleth.ProxyNameTransformPredicate, which controls the circumstances under which the importing flow will be allowed to run. The bean itself must be a Predicate object. The example configuration demonstrates how to create a condition that requires the issuer be one of a listed set of named entities. But any Predicate can be used, such as a script. With some proxies, it's assumed that control over the metadata and allowable authenticating IdPs is sufficient to allow broad acceptance of whatever NameID value they happen to supply.
...
In the most unusual cases, V4.1 + adds support for injecting a custom object of your own creation that implements the NameIDDecoder interface to fully customize the decoding process. The bean name shibboleth.SAML2ProxyTransform.NameIDDecoder is reserved for this purpose.
Reference
Localtabgroup | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Properties related to this feature in conf/c14n/subject-c14n.properties follow:
The beans related to this feature in conf/c14n/subject-c14n.xml follow:
|