Transform SessionInitiator
Advanced Configuration
Note, this is an advanced configuration feature. Most deployments can rely on the <SSO> shorthand element.
Identified by type="Transform", this initiator transforms an entityID according to a set of permutations until IdP metadata can be found. No specific protocol support is assumed; the first entityID for which a valid <md:IDPSSODescriptor> can be found terminates the handler's activity.
This handler doesn't actually cause a response to the browser, but it generally runs first in a chain, and allows the entityID to be manipulated before other handlers run. It serves a variety of purposes, from transforming user input into an entity to acting as a kind of "redirect" mechanism that turns one entityID into another.
Attributes
Common Attributes
Specific Attributes
Name | Type | Default | Description |
---|---|---|---|
alwaysRun | boolean | false | If false, the initial entityID value is looked up, and if metadata is found, the handler exits. Set to true to perform at least one transform on even valid entityID values. |
Child Elements
Name | Cardinality | Description |
---|---|---|
<Subst> | 0 or more | Simple transform whose element content consists of a string containing the substring |
<Regex> | 0 or more | Complex transform containing a |
Query String Parameters
The following can be provided via the Initiator Protocol:
Common Parameters
Specific Parameters
There are no protocol-specific parameters.
Example
The example tries a sequence of transforms that allows any of the following to be turned into an InCommon IdP name (currently a URN containing a domain name):
- the domain name itself (e.g. osu.edu)
- an email address from the domain (e.g. foo@osu.edu)
- a subdomain of the domain (e.g. law.osu.edu)
<SessionInitiator type="Transform">
<Subst>urn:mace:incommon:$entityID</Subst>
<Regex match=".+@(.+)">urn:mace:incommon:$1</Regex>
<Regex match="^[^.]+\.(.+)">urn:mace:incommon:$1</Regex>
</SessionInitiator>
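
To audit which user-supplied values such a chain can map onto which IdP, the sketch below simulates the example configuration above; it is an added example, not the SP's own code. It assumes the default alwaysRun="false", that transforms are tried in document order, and that Python's re behaves like the SP's regex engine for these patterns; `IDP_METADATA`, `candidates` and `resolve` are hypothetical names, and the metadata set and test inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# The page's example configuration, embedded verbatim.
CONFIG = r"""<SessionInitiator type="Transform">
<Subst>urn:mace:incommon:$entityID</Subst>
<Regex match=".+@(.+)">urn:mace:incommon:$1</Regex>
<Regex match="^[^.]+\.(.+)">urn:mace:incommon:$1</Regex>
</SessionInitiator>"""

# Constructed stand-in for loaded metadata: entityIDs that have an IdP role.
IDP_METADATA = {"urn:mace:incommon:osu.edu"}


def candidates(config_xml, entity_id):
    """Yield each transformed entityID, in document order (an assumption)."""
    for el in ET.fromstring(config_xml):
        template = el.text or ""
        if el.tag == "Subst":
            yield template.replace("$entityID", entity_id)
        elif el.tag == "Regex":
            m = re.search(el.get("match"), entity_id)
            if m:  # substitute $1..$9 with the captured groups
                yield re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), template)


def resolve(entity_id, config_xml=CONFIG, metadata=IDP_METADATA):
    """Return the first entityID with IdP metadata, or None if nothing resolves."""
    if entity_id in metadata:  # alwaysRun="false": a valid entityID is kept as-is
        return entity_id
    for cand in candidates(config_xml, entity_id):
        if cand in metadata:  # first candidate with IdP metadata ends the search
            return cand
    return None  # this sketch's way of reporting "no transform resolved"


if __name__ == "__main__":
    # Constructed inputs: the three cases from the page plus values that should not resolve.
    for value in ["osu.edu", "foo@osu.edu", "law.osu.edu",
                  "urn:mace:incommon:osu.edu", "a.law.osu.edu", "foo@idp.example"]:
        print(f"{value!r:32} -> {resolve(value)}")
```

The last two inputs show that the subdomain pattern strips only one leading label, and that a transformed value is accepted only when metadata exists for it.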