Attribute resolution for private credentials in subject

joller lee joller.lee at
Wed Apr 6 20:19:43 EDT 2016

It's been quite a while, but someone reminded me that I hadn't posted my
solution here.
So, here is mime, and any better one is appreciated:

    <resolver:AttributeDefinition id="password" xsi:type="ad:Script">
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="" friendlyName="password"
encodeType="false" />
            subjectCtx =
            subject = subjectCtx.getSubjects()[0];


On Fri, Mar 11, 2016 at 9:02 AM, joller lee <joller.lee at> wrote:

> Oops, I just took a look at the source code and found the getName() method
> returns the password.
> I guess that is the way.
> On Fri, Mar 11, 2016 at 8:43 AM, joller lee <joller.lee at> wrote:
>> On Thu, Mar 10, 2016 at 10:42 PM, Cantor, Scott <cantor.2 at> wrote:
>>> > But now I get a Subject, in which I get one PasswordPrincipal as the
>>> private
>>> > credential, with the password being "<elided>".
>>> > That is not what I expected.
>>> > Is there anything missing?
>>> You're converting the object as a string, and that isn't how you would
>>> access the data inside it.
>> Sorry, but I didn't see any accessor to read the password field.
>> What is the correct way to access its value?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list