shibboleth.c14n.attribute.PrincipalNameLookupStrategy bean
Cantor, Scott
cantor.2 at osu.edu
Thu Feb 16 12:31:55 EST 2017
> If I modify the Password flow to strip the domain and lowercase the
> username, do I need to perform post-authn canonicalization? Will the
> transformed username be used for everything downstream?
The password flow always runs c14n, if you don't need it to actually do anything just leave that config defaulted, it uses "simple".
> I was reading more about post-authn canonicalization last night, and I
> realized that the "simple" transform is all I needed there. I didn't
> realize the Password flow had similar features.
It doesn't extend all the way to arbitrary logic, I didn't see the point of having to make that sort of extension point part of every login flow's implementation, thus c14n is separate. Simple transforms, eh, whatever.
-- Scott
More information about the users
mailing list