Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the
Identified by type="Transform", this initiator transforms an entityID according to a set of permutations until IdP metadata can be found. No specific protocol support is assumed; the first entityID for which a valid <md:IDPSSODescriptor> can be found terminates the handler's activity.
This handler doesn't actually cause a response to the browser, but it generally runs first in a chain, and allows the entityID to be manipulated before other handlers run. It serves a variety of purposes, from transforming user input into an entity to acting as a kind of "redirect" mechanism that turns one entityID into another.
Name | Type | Default | Description |
---|---|---|---|
alwaysRun | boolean | false | If false, the initial entityID value is looked up, and if metadata is found, the handler exits. Set to true to perform at least one transform on even valid entityID values. |
Name | Cardinality | Description |
---|---|---|
<Subst> | 0 or more | Simple transform whose element content consists of a string containing the substring |
<Regex> | 0 or more | Complex transform containing a |
The following can be provided via the Initiator Protocol:
There are no protocol-specific parameters.
The example tries a sequence of transforms that allows any of the following to be turned into an InCommon IdP name (currently a URN containing a domain name):

- the domain name itself (e.g. osu.edu)
- an email address from the domain (e.g. foo@osu.edu)
- a subdomain of the domain (e.g. law.osu.edu)

    <SessionInitiator type="Transform">
        <Subst>urn:mace:incommon:$entityID</Subst>
        <Regex match=".+@(.+)">urn:mace:incommon:$1</Regex>
        <Regex match="^[^.]+\.(.+)">urn:mace:incommon:$1</Regex>
    </SessionInitiator>
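To check which inputs the example chain maps to which IdP before deploying it, the chain can be modelled offline. This is an added sketch, not Shibboleth code or the project's own example. It assumes that transforms are tried in document order, that Python's `re` module stands in for the SP's regex engine, and that `KNOWN_IDPS` (a constructed set) stands in for the metadata lookup; returning `None` when nothing resolves is this model's choice, not behaviour stated on the page.

```python
import re

# Constructed stand-in for metadata: entityIDs that have an IDPSSODescriptor.
KNOWN_IDPS = {"urn:mace:incommon:osu.edu"}

# The transforms from the example configuration, in document order (assumed).
TRANSFORMS = [
    ("subst", None, "urn:mace:incommon:$entityID"),
    ("regex", r".+@(.+)", "urn:mace:incommon:$1"),
    ("regex", r"^[^.]+\.(.+)", "urn:mace:incommon:$1"),
]


def candidates(entity_id, transforms=TRANSFORMS):
    """Return every value the modelled chain would try, in order."""
    out = []
    for kind, pattern, template in transforms:
        if kind == "subst":
            out.append(template.replace("$entityID", entity_id))
            continue
        m = re.search(pattern, entity_id)
        if m:  # a regex that does not match contributes no candidate
            replaced = template.replace("$1", m.group(1))
            out.append(entity_id[:m.start()] + replaced + entity_id[m.end():])
    return out


def resolve(entity_id, always_run=False, known=KNOWN_IDPS):
    """Return the first value that has metadata, or None if none does."""
    # With alwaysRun=false the initial value is looked up first.
    if not always_run and entity_id in known:
        return entity_id
    for cand in candidates(entity_id):
        if cand in known:  # first candidate with metadata ends the search
            return cand
    return None


if __name__ == "__main__":
    for value in ("osu.edu", "foo@osu.edu", "law.osu.edu", "example.org"):
        print(f"{value!r:16} tries {candidates(value)} -> {resolve(value)}")
```

For the bare domain `osu.edu` the second `<Regex>` also matches and yields `urn:mace:incommon:edu`, so in this model the input only resolves correctly because `<Subst>` is tried first and a candidate is accepted only when metadata exists for it.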