This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of wshen wshen 1 week, 2 days ago.

  • Author
    Posts
  • #15845
    Profile photo of wshen wshen 
    Participant

    We are using OpenAM 13 as SAML2 IdP, backed by Active Directory as data store. One of the SP requires NameID or a SAML attribute in the format of domain/userid, by using Active Directory global catalog, we are able to use AD “msDS-PrincipalName” to return domain\sAMAccountName. Is there easy way to turn the backslash to forward slash in the SAML2 IdP?

    I’m trying to avoid extending com.sun.identity.saml2.plugin.DefaultIDPAttributeMapper. It looks like an overkill to write a java class, compile, package, deploy to openam/WEB-INF/lib and bounce server for such a simple task.

    Thanks,
    -Wei

    #15847
    Profile photo of Peter Major Peter Major 
    Moderator

    A custom attribute mapper impl is the only way to go.

    #15867
    Profile photo of wshen wshen 
    Participant

    Well, the sad news is com.sun.identity.saml2.plugin.DefaultIDPAttributeMapper does not offer much extension point per say. Pretty much have to copy all the code from super class to add the modification. A simple String.replace() turns into 300+ lines of copy&paste java code.

    • This reply was modified 1 week, 2 days ago by Profile photo of wshen wshen.
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your username and password

Lost your password?

Forgot your details?