We are using OpenAM 13 as SAML2 IdP, backed by Active Directory as data store. One of the SPs requires NameID or a SAML attribute in the format of domain/userid; by using the Active Directory global catalog, we are able to use the AD "msDS-PrincipalName" attribute to return domain\sAMAccountName. Is there an easy way to turn the backslash into a forward slash in the SAML2 IdP?
I'm trying to avoid extending com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper. It looks like overkill to write a Java class, compile, package, deploy to openam/WEB-INF/lib and bounce the server for such a simple task.

Well, the sad news is that com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper does not offer much of an extension point per se. You pretty much have to copy all the code from the superclass to add the modification. A simple String.replace() turns into 300+ lines of copy-and-paste Java code.
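Added example, not the poster's code or OpenAM's own: one way to get the slash rewrite without copying the base class is to let DefaultIDPAttributeMapper build the attribute list as usual and post-process only the one attribute that carries msDS-PrincipalName, then register this class as the hosted IdP's attribute mapper in place of the default. The SAML attribute name `principalName`, the package name, and the override signature (taken to match OpenAM's IDPAttributeMapper interface) are assumptions; adjust them to your own attribute map.

```java
package com.example.saml;  // hypothetical package; use whatever fits your deployment

import java.util.ArrayList;
import java.util.List;

import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper;

/**
 * IdP attribute mapper that keeps all of DefaultIDPAttributeMapper's behaviour
 * and only rewrites the values of one attribute from DOMAIN\user to DOMAIN/user.
 */
public class SlashPrincipalNameMapper extends DefaultIDPAttributeMapper {

    /** SAML attribute name mapped from msDS-PrincipalName (assumed; match your attribute map). */
    private static final String TARGET_ATTRIBUTE = "principalName";

    @Override
    public List<Attribute> getAttributes(Object session, String hostEntityID,
                                         String remoteEntityID, String realm)
            throws SAML2Exception {
        // Let the stock mapper read the configured attribute map and the data store.
        List<Attribute> attributes = super.getAttributes(session, hostEntityID, remoteEntityID, realm);
        if (attributes == null) {
            return null;
        }
        for (Attribute attribute : attributes) {
            // Touch nothing but the target attribute; every other value stays as built.
            if (!TARGET_ATTRIBUTE.equals(attribute.getName())) {
                continue;
            }
            List<?> original = attribute.getAttributeValueString();
            if (original == null) {
                continue;
            }
            List<String> rewritten = new ArrayList<String>(original.size());
            for (Object value : original) {
                rewritten.add(rewrite(String.valueOf(value)));
            }
            attribute.setAttributeValueString(rewritten);
        }
        return attributes;
    }

    /** DOMAIN\sAMAccountName -> DOMAIN/sAMAccountName; only the first backslash is the separator. */
    static String rewrite(String value) {
        int idx = value.indexOf('\\');
        return idx < 0 ? value : value.substring(0, idx) + '/' + value.substring(idx + 1);
    }
}
```

Package the class into a jar under openam/WEB-INF/lib and set it as the IdP attribute mapper in the hosted IdP's Assertion Processing settings; the default mapper's attribute map configuration is unchanged.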