Using scoped attributes as the C14N subject
cantor.2 at osu.edu
Tue Aug 16 23:42:31 UTC 2022
On 8/16/22, 4:10 PM, "users on behalf of Wessel, Keith via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> Thanks, Scott. I can't unfortunately just add a scope back in with the regex
> transform in the C14N configuration because our userPrincipalNames can
> end with one of several different values, and I wouldn't know which to add
> back in.
I don't think it's worth it, but a custom c14n flow could interrogate the Subject to find the Kerberos credentials and probably derive the suffix from there.
But no, it's not sensible, I'd just flex the resolver.
More information about the users