Versions Compared

Old Version 6

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 7

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Current File(s): conf/c14n/subject-c14n.xml
Format: Native Spring

Table of Contents

Overview

Subject Canonicalization (often abbreviated as "c14n") is the process by which the IdP turns a "complex" representation of a subject identity (usually that of a user) into a simple username to normalize the value. Over time this mechanism may be applied to a variety of different scenarios, but initially there are two cases:

  1. Normalizing the authenticated Java Subject into a username (referred to as "post-login" canonicalization, see AuthenticationConfiguration)

  2. Mapping a SAML 1 <NameIdentifier> or SAML 2 <NameID> element into a username (referred to as NameID consumption, see NameIDConsumptionConfiguration)

The rest of this topic is mainly a high-level configuration reference. In most cases, the above topics are the ones to review when dealing with those specific use cases.

...

For further details, refer to the use case-specific topics noted earlier.

Reference

Localtabgroup
Localtab live
activetrue
titleBeans

Bean ID

Type

Function

shibboleth.PostLoginSubjectCanonicalizationFlows

List<SubjectCanonicalizationFlowDescriptor>

List of flow descriptors enumerating the c14n flows to run on the result of the login process

shibboleth.SAMLSubjectCanonicalizationFlows

List<NameIDCanonicalizationFlowDescriptor>

List of flow descriptors enumerating the c14n flows to run on incoming Name Identifiers