...
The c14n/x500 post-login subject canonicalization flow extracts a username from a Java Subject that contains either a single X509Certificate object in the public credentials set or a single X500Principal in the Principal set. It is primarily designed to work in conjunction with the X509 or X509Internal login flows.
General Configuration
| Localtabgroup |
|---|
localtab-live| Expand |
|---|
|
Use conf/c14n/x500-subject-c14n-config.xml to configure this flow. | Localtab live |
|---|
| active | true
|---|
| Expand |
|---|
|
Use conf/c14n/subject-c14n.properties to configure this flow. If your system is upgraded, you may continue to use conf/c14n/x500-subject-c14n-config.xml as before, or you may remove it, while ensuring the new properties are being loaded. The regular expression replacement feature is the only one remaining that still requires XML and you may define that bean, if needed, in conf/c14n/subject-c14n.xml |
...
By default, the only transform applied to the result is a trim of leading or trailing whitespace. Case-folding and regular expression replacements can be added, per the reference section below.
Reference
| Localtabgroup |
|---|
localtab-live| Expand |
|---|
|
The beans defined in conf/c14n/x500-subject-c14n-config.xml follow: Bean ID | Type | Default | Description |
|---|
shibboleth.c14n.x500.SubjectAltNameTypes | List<Integer> | | A list of subjectAltName extension types to look for | shibboleth.c14n.x500.ObjectIDs | List<String> | 2.5.4.3 | A list of attribute OIDs to search for in the subject DN | shibboleth.c14n.x500.Lowercase | Boolean | false | Whether to lowercase the username | shibboleth.c14n.x500.Uppercase | Boolean | false | Whether to uppercase the username | shibboleth.c14n.x500.Trim | Boolean | true | Whether to trim leading and trailing whitespace from the username | shibboleth.c14n.x500.Transforms | Pair<String,String> | | Pairs of regular expressions and replacement expressions to apply to the username |
|
| Expand |
|---|
|
The following bean may be defined in conf/subject-c14n.xml if needed: Bean ID | Type | Description |
|---|
shibboleth.c14n.x500.Transforms | Pair<String,String> | Pairs of regular expressions and replacement expressions to apply to the username |
| Localtab live |
|---|
| active | true
|---|
| Expand |
|---|
|
The following properties are commented out in conf/c14n/subject-c14n.properties: Name | Type | Default | Description |
|---|
idp.c14n.x500.subjectAltNameTypes | List<Integer> | | Comma-delimited list of subjectAltName extension types to look for | idp.c14n.x500.objectIDs | List<String> | 2.5.4.3 | Comma-delimited list of attribute OIDs to search for in the subject DN | idp.c14n.x500.lowercase | Boolean | false | Whether to lowercase the username | idp.c14n.x500.uppercase | Boolean | false | Whether to uppercase the username | idp.c14n.x500.trim | Boolean | true | Whether to trim leading and trailing whitespace from the username |
|