Using scoped attributes as the C14N subject

Cantor, Scott cantor.2 at
Tue Aug 16 23:42:31 UTC 2022

On 8/16/22, 4:10 PM, "users on behalf of Wessel, Keith via users" <users-bounces at on behalf of users at> wrote:

>    Thanks, Scott. I can't unfortunately just add a scope back in with the regex
> transform in the C14N configuration because our userPrincipalNames can
> end with one of several different values, and I wouldn't know which to add
> back in. 

I don't think it's worth it, but a custom c14n flow could interrogate the Subject to find the Kerberos credentials and probably derive the suffix from there.

But no, it's not sensible, I'd just flex the resolver.

-- Scott

More information about the users mailing list