Hi, In a fediz SSO setup, I want to customize the subject NameID that is set in the SAML assertion of the WS-Federation response. The value shall be different from the username that is entered in the login form.
Similarly for the case where I configure kerberos authentication: here the default is to use the kerberos useridentifier which includes the Kerberos domain name - somthing that the relying parties are not interested in. Instead I'd either like to use some mapping in order to transform the Principal name similar to how it is done inside the ClaimsManager with the IdentityMapper abstraction. An alternative option would be to be able to configure a claim whose value should be used as the NameID value instead. I cannot seem to find an extension point that allows one or the other. Can someone tell if this this possible with fediz or suggest a good workaround if not? Kind Regards, Andreas
