Using scoped attributes as the C14N subject
Wessel, Keith
kwessel at illinois.edu
Tue Aug 16 17:09:04 UTC 2022
Hi, all,
We've been using just a username as a subject up until now in our IdP, but we want to change to a userPrincipalName which is scoped. I've tried just changing to the scoped attribute in our subject-c14n.properties and, obviously, updating LDAP queries in DataConnectors that use the principal, but for some reason, the scope is getting dropped during subject resolution:
DEBUG [net.shibboleth.idp.attribute.resolver.AbstractDataConnector:229] - Data Connector 'azurePassthroughAttributes': Attribute 'azureName': Values '[ScopedStringAttributeValue{value=kwessel, scope=illinois.edu}]'
But it seems to be dropping the scope:
DEBUG [net.shibboleth.idp.authn.impl.AttributeSourcedSubjectCanonicalization:239] - Profile Action AttributeSourcedSubjectCanonicalization: Using attribute azureName string value kwessel as input to transforms
I have the regex commented out in subject-c14n.xml and, even if I didn't, I'd be expecting to see the full scoped string passed in as input to the transforms.
Is there something wrong with how I have azureName defined in my attribute registry? What am I missing here?
Thanks,
Keith