The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
X500PostLoginC14NConfiguration
Current File(s): conf/c14n/x500-subject-c14n-config.xml
Format: Native Spring
Overview
The c14n/x500 post-login subject canonicalization flow extracts a username from a Java Subject that contains either a single X509Certificate in the public credentials set or a single X500Principal in the Principal set. It is primarily designed to work in conjunction with the X509 or X509Internal login flows.
General Configuration
Use conf/c14n/x500-subject-c14n-config.xml to configure this flow.
By default, the subject DN is searched for a "CN" RDN attribute (with OID 2.5.4.3). You can configure alternative attributes to search for, or give preference to subjectAltName extensions (if an X509Certificate is present).
By default, the only transform applied to the result is a trim of leading or trailing whitespace. Case-folding and regular expression replacements can be added, per the reference section below.
Reference
Beans
The beans defined in conf/c14n/x500-subject-c14n-config.xml follow:
Bean ID | Type | Default | Function |
|---|---|---|---|
shibboleth.c14n.x500.SubjectAltNameTypes | List<Integer> |
| A list of subjectAltName extension types to look for |
shibboleth.c14n.x500.ObjectIDs | List<String> |
| A list of attribute OIDs to search for in the subject DN |
shibboleth.c14n.x500.Lowercase | Boolean | false | Whether to lowercase the username |
shibboleth.c14n.x500.Uppercase | Boolean | false | Whether to uppercase the username |
shibboleth.c14n.x500.Trim | Boolean | true | Whether to trim leading and trailing whitespace from the username |
shibboleth.c14n.x500.Transforms | Pair<String,String> |
| Pairs of regular expressions and replacement expressions to apply to the username |