...
A c14n flow is a subflow that is assigned a flow ID that starts with "c14n/" and is further defined to the system with a bean of type net.shibboleth.idp.authn.SubjectCanonicalizationFlowDescriptor in a list in conf/c14n/subject-c14n.xml.
| Note |
|---|
While you may deliver a custom flow in a relatively "drop-in", self-contained jar, you MAY NOT manipulate the state of the IdP at runtime to install the necessary descriptor bean because it is impossible to guarantee that your modification will take place early enough to be seen by other objects in the system. There is no publically supported mechanism to extend any of the beans defined inside the "root" web app context, and so you MUST rely on the deployer making the necessary adjustments to define custom flows to the system via the associated type of FlowDescriptor. |
Internal Contract
C14n flows must interact with the system by accessing and mutating the context tree in specific ways.
...
The following events worthy of special note may occur as a result of invoking the subsystem:
| proceed | Successful c14n. |
| NoPotentialFlow | No c14n flow is configured for use or was able to operate on the input. |
| SubjectCanonicalizationError | The input was recognized but an error occurred trying to operate on it. |
Various other events signifying more low-level error conditions may also occur.
...