Azure AD Connector from IDP v4.1 - canonicalization failure
cantor.2 at osu.edu
Tue Aug 30 21:04:47 UTC 2022
On 8/30/22, 4:51 PM, "Wessel, Keith" <kwessel at illinois.edu> wrote:
> That’s not literally referring to the subject of the assertion.
Took me a second to find that text but I clarified it. Java Subject, not SAML Subject, obvious source of confusion in this context.
4.0 -> run the resolver, do extra stuff there to copy an IdPAttribute from the Subject using some very confusing settings because authentication isn't actually done yet
4.1+ -> look directly at Subject produced by SAML login flow and find an IdPAttributePrincipal inside it
Much simpler. Both are "attribute sourced", just no longer both "resolver sourced".