...
| Anchor | ||||
|---|---|---|---|---|
|
The WebAuthn user name (user.name) is a human-palatable identifier for a user’s account a credential is associated with. This is separate from the internal username the IdP uses to store the credential against and is only used by the authenticator to help the user select the correct credential to authenticate with. It may be truncated by the authenticator to 64 bytes.
...
You may decide to pull this value from the attribute resolver. This is supported by an inbuild strategy, is supported by changing out of the box by utilizing a built-in strategy, which can be activated by modifying the following properties in conf/authn/webauthn.properties:
change the property idp.authn.webauthn.registration.name.strategy to reference the bean shibboleth.authn.webauthn.AttributeContextWebAuthnNameLookupStrategy.
ensure the attribute resolver is enabled after authentication, idp.authn.webauthn.admin.registration.resolveIdentityAttributes=true.
decide which attribute from the resolver context to use using idp.authn.webauthn.registration.name.attributeId.
Complete control over the strategy is possible by defining your own bean of type Function<ProfileRequestContext, String>.
User Display Name Population
...