...
Subject Canonicalization (often abbreviated as "c14n") is the process by which the IdP turns a "complex" representation of a subject identity (usually that of a user) into a simple username to normalize the value. Over time this mechanism may be applied to a variety of different scenarios, but initially there are two cases:
Normalizing the authenticated Java Subject into a username (referred to as "post-login" canonicalization, see AuthenticationConfiguration)
Mapping a SAML 1
<NameIdentifier>
or SAML 2<NameID>
element into a username (referred to as NameID consumption, see NameIDConsumptionConfiguration)
The rest of this topic is mainly a high-level configuration reference. In most cases, the above topics are the ones to review when dealing with those specific use cases.
...