...
A configuration shortcut allows for the values from any IdPAttribute objects contained inside IdPAttributePrincipal objects to be pulled out, which is an effective way to tunnel attribute data from outside the IdP provided by the External authentication flow.
Reference
| Localtabgroup | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| active | true
| -live | ||
|---|---|---|
|
The source of the Subject(s) to evaluate is controlled with:
Name | Type | Default | Description |
|---|---|---|---|
forCanonicalization | Boolean | false | If true, a Subject undergoing SubjectCanonicalization is used as input rather than the default of looking for authenticated Subjects. |
Exactly one of the following must be provided (but not both):
Name | Type | Description |
|---|---|---|
principalAttributeName | String | The name of an IdPAttribute found inside an IdPAttributePrincipal contained in one of the authenticated Subject(s) |
attributeValuesFunctionRef | Bean ID | The name of a Spring Bean implementing Function<Principal,List<IdPAttributeValue>>, this function will be invoked for each Principal found within the authenticated Subject(s), instead of relying on default behavior |
| Localtab-live | ||
|---|---|---|
|
| Include Page | ||||
|---|---|---|---|---|
|
| Localtab-live | ||
|---|---|---|
|
<InputAttributeDefinition> or <InputDataConnector> child elements since the information is not resolved from a dependency. If any are supplied, then they are ignoredAt least one dependency element is required.
| Include Page | ||||
|---|---|---|---|---|
|
Examples
The following locates an IdPAttribute named "Whatever" in an authenticated Subject and turns it into a new IdPAttribute named "SomethingElse".
...