...
Expand | ||||
---|---|---|---|---|
| ||||
In V5.2+, this method is enabled by setting a per-login-flow property in conf/authn/authn.properties that references it. The default bean ID of this method is “c14n/x500”, so enabling it for a login flow looks like:
It is possible to configure two instances of this method at the same time with different settings. The default instance is configured with a set of global properties, so defining a second instance of it with different settings requires adding a bean to conf/c14n/subject-c14n.xml. This bean can be defined at the top level of the file and needs a unique ID to reference in the login flow property example above. It does not have to carry the “c14n/” prefix but this is useful for clarity. As an example, to define a second instance with a rule to lower case the input (without applying that same rule to the default instance of course):
That then allows you to reference “c14n/x500-lower” in a login flow’s property as above. |
Expand | ||
---|---|---|
| ||
In older versions, this method is generally enabled for you by default by virtue of a reference to the bean in the shibboleth.PostLoginSubjectCanonicalizationFlows list in conf/c14n/subject-c14n.xml:
Most often it shows up last in the list and doesn’t hurt anything to leave enabled, but the reference could be removed if not in use. |
...