shibboleth.c14n.attribute.PrincipalNameLookupStrategy bean

Cantor, Scott cantor.2 at osu.edu
Thu Feb 16 12:31:55 EST 2017


> If I modify the Password flow to strip the domain and lowercase the
> username, do I need to perform post-authn canonicalization?  Will the
> transformed username be used for everything downstream?

The password flow always runs c14n, if you don't need it to actually do anything just leave that config defaulted, it uses "simple".

> I was reading more about post-authn canonicalization last night, and I
> realized that the "simple" transform is all I needed there.  I didn't
> realize the Password flow had similar features.

It doesn't extend all the way to arbitrary logic, I didn't see the point of having to make that sort of extension point part of every login flow's implementation, thus c14n is separate. Simple transforms, eh, whatever.

-- Scott



More information about the users mailing list