Current File(s): conf/c14n/x500-subject-c14n-config.xml (V4.0), conf/c14n/subject-c14n.properties (V4.1+)
Format: Native Spring, Properties (V4.1+)
Overview
The c14n/x500 post-login subject canonicalization flow extracts a username from a Java Subject that contains either a single X509Certificate object in the public credentials set or a single X500Principal in the Principal set. It is primarily designed to work in conjunction with the X509 or X509Internal login flows.
General Configuration
By default, the subject DN is searched for a "CN" RDN attribute (with OID 2.5.4.3). You can configure alternative attributes to search for, or give preference to subjectAltName extensions (if an X509Certificate is present).
By default, the only transform applied to the result is a trim of leading or trailing whitespace. Case-folding and regular expression replacements can be added, per the reference section below.