Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Subject Canonicalization (often abbreviated as "c14n") is the process by which the IdP turns a "complex" representation of a subject identity (usually that of a user) into a simple username to normalize the value. Over time this mechanism may be applied to a variety of different scenarios, but initially there are two cases:

  1. Normalizing the authenticated Java Subject into a username (referred to as "post-login" canonicalization, see AuthenticationConfiguration)

  2. Mapping a SAML 1 <NameIdentifier> or SAML 2 <NameID> element into a username (referred to as NameID consumption, see NameIDConsumptionConfiguration)

The rest of this topic is mainly a high-level configuration reference. In most cases, the above topics are the ones to review when dealing with those specific use cases.