Comment: Migrated to Confluence 5.3

One approach to removing the

...

realm from the Principal name returned by Kerberos

Credit goes to Paul Caskey, who provided this approach in July 2008. There are likely other approaches, but this one does work.

...

        <!-- this attribute just returns the username as logged in via JAAS -->
        <resolver:AttributeDefinition id="principal" xsi:type="PrincipalName" 
           dependencyOnly="true" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
             <resolver:AttributeEncoder xsi:type="SAML2StringNameID"         
                xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
        </resolver:AttributeDefinition>

...

        <!-- This attribute is the above principal name with the kerb realm
             (e.g. CAMPUS.EDU) split out via regex. The dot in the realm is
             escaped so that it matches only a literal "." -->
        <resolver:AttributeDefinition xsi:type="RegexSplit" dependencyOnly="true"
           xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="regex_principal_split"
           sourceAttributeID="principal" regex="^(.*?)@CAMPUS\.EDU$">
              <resolver:Dependency ref="principal" />
        </resolver:AttributeDefinition>
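
An added example, not part of the original page or of Shibboleth's code: a Python check of how the realm-stripping regex behaves on constructed principal names, comparing a pattern whose realm dot is left unescaped with one where it is escaped. It assumes the resolver keeps capture group 1 on a match and produces no value otherwise; `strip_realm`, `audit` and the sample principals are hypothetical.

```python
import re

# Patterns under comparison; CAMPUS.EDU is the page's example realm.
LOOSE = re.compile(r"^(.*?)@CAMPUS.EDU$")    # "." matches any character
STRICT = re.compile(r"^(.*?)@CAMPUS\.EDU$")  # "." matches only a literal dot


def strip_realm(principal, pattern=STRICT):
    """Return the principal without its realm, or None when the realm does not match.

    Assumption: a non-matching value results in no attribute value at all.
    """
    m = pattern.match(principal)
    return m.group(1) if m else None


def audit(principals):
    """Map each principal to (loose_result, strict_result) so differences stand out."""
    return {p: (strip_realm(p, LOOSE), strip_realm(p, STRICT)) for p in principals}


# Constructed sample principals (not taken from any real deployment).
SAMPLES = [
    "jdoe@CAMPUS.EDU",        # expected realm
    "jdoe/admin@CAMPUS.EDU",  # principal with an instance component
    "jdoe@CAMPUSXEDU",        # look-alike realm, differs only at the dot
    "jdoe@OTHER.EDU",         # different realm
    "jdoe@campus.edu",        # lower case: Kerberos realms are case-sensitive
    "jdoe",                   # no realm at all
]

if __name__ == "__main__":
    for principal, (loose, strict) in audit(SAMPLES).items():
        flag = "  <-- patterns disagree" if loose != strict else ""
        print(f"{principal:24} loose={loose!r:14} strict={strict!r}{flag}")
```

Note that a principal with an instance component keeps it (`jdoe/admin`), so any attribute built from the split value should expect that form.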

...