Versions Compared

Version Old Version 3 New Version Current
Changes made by

Scott Cantor

Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Current File(s): conf/c14n/subject-c14n.properties, conf/c14n/subject-c14n.xml
Format: Properties, Native Spring

...

Expand
titleV5.2+

In V5.2+, this method is enabled by setting a per-login-flow property in conf/authn/authn.properties that references it. The default bean ID of this method is “c14n/simple”, so enabling it for a login flow looks like:

Code Block
languagenone
idp.authn.Password.c14n.flows = c14n/simple

It is possible to configure two instances of this method at the same time with different settings. The default instance is configured with a set of global properties, so defining a second instance of it with different settings requires adding a bean to conf/c14n/subject-c14n.xml. This bean can be defined at the top level of the file and needs a unique ID to reference in the login flow property example above. It does not have to carry the “c14n/” prefix but this is useful for clarity.

As an example, to define a second instance with a rule to lower case the input (without applying that same rule to the default instance of course):

Code Block
languagexml
<bean id="c14n/simple-lower" parent="c14n/simple"
  p:
TBD
lowercase="true" />

That then allows you to reference “c14n/simple-lower” in a login flow’s property as above.

Expand
titleOlder Versions and Pre-5.2 Plugins

In older versions, this method is generally enabled for you by default by virtue of a reference to the bean in the shibboleth.PostLoginSubjectCanonicalizationFlows list in conf/c14n/subject-c14n.xml:

Code Block
languagexml
    <util:list id="shibboleth.PostLoginSubjectCanonicalizationFlows">
        <ref bean="c14n/simple" />
    </util:list>

Most often it shows up last in the list and doesn’t hurt anything to leave enabled, but the reference could be removed if not in use.

Reference

The following bean may be defined in conf/subject-c14n.xml if needed:
Expand
titleBeans

Bean ID

Type

Description

c14n/simple

SimpleSubjectCanonicalization

Built-in instance of this method, auto-configured by properties and other beans as described. V5.2+ allows reuse of this bean as a parent to define additional instances of this method with different settings.

shibboleth.c14n.simple.Transforms

Pair<String,String>

Pairs of regular expressions and replacement expressions to apply to the username

...