Azure AD Connector from IDP v4.1 - canonicalization failure
Cantor, Scott
cantor.2 at osu.edu
Tue Aug 30 21:04:47 UTC 2022
On 8/30/22, 4:51 PM, "Wessel, Keith" <kwessel at illinois.edu> wrote:
> That’s not literally referring to the subject of the assertion.
Took me a second to find that text but I clarified it. Java Subject, not SAML Subject, obvious source of confusion in this context.
4.0 -> run the resolver, do extra stuff there to copy an IdPAttribute from the Subject using some very confusing settings because authentication isn't actually done yet
4.1+ -> look directly at Subject produced by SAML login flow and find an IdPAttributePrincipal inside it
Much simpler. Both are "attribute sourced", just no longer both "resolver sourced".
-- Scott