Current File(s): conf/c14n/subject-c14n.properties, conf/c14n/subject-c14n.xml
Format: Properties, Native Spring
Overview
The c14n/x500 post-login subject canonicalization (c14n) method extracts a username from a Java Subject that contains either a single X509Certificate object in the public credentials set or a single X500Principal in the Principal set. It is primarily designed to work in conjunction with the X509 or X509Internal login flows (i.e., certificate-based authentication).
Configuration
Method Settings
Use conf/c14n/subject-c14n.properties to configure this method.
If your system has been upgraded, you may continue to use conf/c14n/x500-subject-c14n-config.xml as before, or you may remove it, while ensuring the new properties are being loaded.
...
By default, the only transform applied to the result is a trim of leading or trailing whitespace. Case-folding and regular expression replacements can be added, per the reference section below.
Enabling this Method
In V5.2+, this method is enabled by setting a per-login-flow property in conf/authn/authn.properties that references it. The default bean ID of this method is “c14n/x500”, so enabling it for a login flow looks like:
It is possible to configure two instances of this method at the same time with different settings. The default instance is configured with a set of global properties, so defining a second instance of it with different settings requires adding a bean to conf/c14n/subject-c14n.xml. This bean can be defined at the top level of the file and needs a unique ID to reference in the login flow property example above. It does not have to carry the “c14n/” prefix but this is useful for clarity.
As an example, to define a second instance with a rule to lowercase the input (without applying that same rule to the default instance, of course):
```xml
<bean id="c14n/x500-lower" parent="c14n/x500"
      p:lowercase="true" />
```
That then allows you to reference “c14n/x500-lower” in a login flow’s property as above.
Reference
The following bean may be defined in conf/subject-c14n.xml if needed:
...