We are using OpenAM 13 as a SAML2 IdP, backed by Active Directory as the data store. One of the SPs requires the NameID or a SAML attribute in the format domain/userid. By using the Active Directory global catalog, we are able to use the AD “msDS-PrincipalName” attribute to return domain\sAMAccountName. Is there an easy way to turn the backslash into a forward slash in the SAML2 IdP?
I’m trying to avoid extending com.sun.identity.saml2.plugin.DefaultIDPAttributeMapper. It looks like overkill to write a Java class, compile it, package it, deploy it to openam/WEB-INF/lib and bounce the server for such a simple task.
Well, the sad news is that com.sun.identity.saml2.plugin.DefaultIDPAttributeMapper does not offer much of an extension point per se. You pretty much have to copy all the code from the superclass to add the modification. A simple String.replace() turns into 300+ lines of copy-and-paste Java code.
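An added example, not code from this thread or from the OpenAM/ForgeRock code base, of the subclass route the question wanted to avoid. Rather than copying the mapper's internals, it lets the default mapper build the attribute list and then rewrites only the configured attribute's values on the way out. Assumptions: the default mapper lives in the com.sun.identity.saml2.plugins package (the package name in OpenAM 13; the thread writes it as "plugin"); the IdP attribute map already maps a SAML attribute named principalName (a hypothetical name) to msDS-PrincipalName; and the class is wired in through the hosted IdP's Attribute Mapper setting after being deployed to openam/WEB-INF/lib as the question describes.

```java
package com.sun.identity.saml2.plugins; // assumption: OpenAM 13 package of the default mapper

import java.util.ArrayList;
import java.util.List;

import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.common.SAML2Exception;

/**
 * Added example (not OpenAM's own code): post-processes the attributes built by
 * DefaultIDPAttributeMapper, rewriting "DOMAIN\user" to "DOMAIN/user" for one
 * configured SAML attribute. Every other attribute passes through untouched.
 */
public class SlashRewritingIDPAttributeMapper extends DefaultIDPAttributeMapper {

    // Hypothetical: the SAML attribute name the IdP attribute map assigns to
    // msDS-PrincipalName (e.g. the map entry "principalName=msDS-PrincipalName").
    static final String SAML_ATTRIBUTE_NAME = "principalName";

    @Override
    public List<Attribute> getAttributes(Object session, String hostEntityID,
            String remoteEntityID, String realm) throws SAML2Exception {
        // Let the stock mapper do the data-store lookup and attribute construction.
        List<Attribute> attrs = super.getAttributes(session, hostEntityID, remoteEntityID, realm);
        if (attrs == null) {
            return null;
        }
        for (Attribute attr : attrs) {
            if (SAML_ATTRIBUTE_NAME.equals(attr.getName())) {
                List<String> values = attr.getAttributeValueString();
                if (values != null) {
                    attr.setAttributeValueString(rewriteValues(values));
                }
            }
        }
        return attrs;
    }

    /**
     * Rewrites each "DOMAIN\name" value to "DOMAIN/name". Only the first backslash
     * is treated as the separator. AD forbids both '\' and '/' in sAMAccountName,
     * so the rewritten value is unambiguous for the SP to split on '/'; a value
     * with no backslash (e.g. a non-AD account) is passed through unchanged.
     */
    static List<String> rewriteValues(List<String> values) {
        List<String> out = new ArrayList<>(values.size());
        for (String v : values) {
            out.add(toSlashForm(v));
        }
        return out;
    }

    static String toSlashForm(String value) {
        if (value == null) {
            return null;
        }
        int sep = value.indexOf('\\');
        if (sep < 0) {
            return value;
        }
        return value.substring(0, sep) + "/" + value.substring(sep + 1);
    }
}
```

Because the rewrite happens after the default mapper has produced the list, the class stays a few dozen lines instead of a copy of the superclass, and the same subclass can be pointed at a different attribute name by changing SAML_ATTRIBUTE_NAME. If the SP needs the rewritten value as the NameID rather than as an attribute, the analogous hook is the IdP account mapper, which this example does not cover.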