Wessel, Keith kwessel at
Thu Aug 19 00:23:03 UTC 2021

Thanks, Scott. That was my suspicion: a validator that matches against a pattern, not a string replacer. If I want to do replacement like pulling off domains, I still have to use the bean definition.

Much appreciated,

-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Wednesday, August 18, 2021 5:13 PM
To: Shib Users <users at>
Subject: Re: idp.authn.Password.matchExpression

>    The wiki is a bit vague on this property in and 
> the matchExpression properties for other authn flows. Is this just an 
> expression that the IdP will match against, or can I use it to do removal/addition of components?

No, it's just a regex matcher. The transforms settings do replacements. The point of this setting is to optimize chains of validators by skipping them based on username format (that's from memory, I think that's what it was for).

-- Scott

For Consortium Member technical support, see;!!DZ3fjg!qtYG7O03VmnYanSeXakKOdgMC-FgbFLTOcC0271YBjf1WgRujLfYA6gc7yLLt1fF9w$
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list