Using scoped attributes as the C14N subject
Cantor, Scott
cantor.2 at osu.edu
Tue Aug 16 23:42:31 UTC 2022
On 8/16/22, 4:10 PM, "users on behalf of Wessel, Keith via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> Thanks, Scott. I can't unfortunately just add a scope back in with the regex
> transform in the C14N configuration because our userPrincipalNames can
> end with one of several different values, and I wouldn't know which to add
> back in.
I don't think it's worth it, but a custom c14n flow could interrogate the Subject to find the Kerberos credentials and probably derive the suffix from there.
But no, it's not sensible, I'd just flex the resolver.
-- Scott
More information about the users
mailing list