Username transforms and login page

Ian Bobbitt ibobbitt at
Mon Aug 27 09:43:20 EDT 2018

I'm using the Kerberos password authentication flow with a non-default Kerberos realm. I'm using a regex in
shibboleth.authn.Password.Transforms to append the Kerberos realm, and a simple subject c14n to take it back off at the
end. This works, except I get the intermediate username out of this in the view:

set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext',

I can just not include the username on the login form after an error, but is there an easy way I can have the best of
both, or a different way I should be routing the login to the proper Kerberos realm?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4090 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the users mailing list