Details
- Improvement
- Resolution: Unresolved
- Major
- COmanage Registry 3.1.0 (Hidden Gem)
- None
Description
The proposed convention for version 3.1 is:
Note that names are treated specially, since they have multiple components. The specified variable will be appended with _HONORIFIC, _GIVEN, _MIDDLE, _FAMILY, or _SUFFIX to generate the variable name for the appropriate component. For example, if the variable name ENV_OIS_NAME is specified, ENV_OIS_NAME_GIVEN will be used for the first/given name.
This will not work with mod_auth_openidc and standard OIDC claims given_name and family_name.
If the convention were changed to:
The specified variable will be appended with _honorific, _given_name, _family_name, or _suffix to generate...
then the convention would work with mod_auth_openidc and the standard claims given_name and family_name.
Deployers using Shibboleth or SimpleSAMLphp have more flexibility in how SAML attributes asserted are set in the Apache environment and should be able to adapt to this convention, but mod_auth_openidc does not have a way to change the name of the standard claims. It only allows the prefix to be set with the default prefix being OIDC_.
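
The mismatch described in this issue, as an added example (not COmanage Registry code and not part of the original report): it derives the per-component variable names under both conventions and looks them up in a constructed environment. The base name `OIDC`, the helper `resolveName` and the sample values are assumptions for illustration; the suffix lists and the `OIDC_` prefix are taken from the issue text.

```php
<?php
// Added example, not COmanage Registry code. Suffix lists are copied from the
// issue text; the environment below is constructed sample data.

// Suffixes appended to the configured base variable name, per convention.
const CURRENT_SUFFIXES = [
    'honorific' => '_HONORIFIC',
    'given'     => '_GIVEN',
    'middle'    => '_MIDDLE',
    'family'    => '_FAMILY',
    'suffix'    => '_SUFFIX',
];
// The issue lists only these four suffixes for the suggested convention.
const PROPOSED_SUFFIXES = [
    'honorific' => '_honorific',
    'given'     => '_given_name',
    'family'    => '_family_name',
    'suffix'    => '_suffix',
];

// Hypothetical helper: returns [component => value, or null when absent].
function resolveName(array $env, string $base, array $suffixes): array
{
    $out = [];
    foreach ($suffixes as $component => $suffix) {
        $var = $base . $suffix;
        // Environment variable names are case sensitive: no case folding here.
        $out[$component] = (isset($env[$var]) && $env[$var] !== '') ? $env[$var] : null;
    }
    return $out;
}

// Constructed environment, shaped as the issue describes mod_auth_openidc
// output: prefix OIDC_ followed by the unmodified standard claim name.
$env = [
    'OIDC_given_name'  => 'Pat',
    'OIDC_family_name' => 'Lee',
    'OIDC_sub'         => 'constructed-subject-id',
];

foreach (['current' => CURRENT_SUFFIXES, 'proposed' => PROPOSED_SUFFIXES] as $label => $suffixes) {
    $name  = resolveName($env, 'OIDC', $suffixes); // base name 'OIDC' is an assumption
    $found = array_filter($name, fn($v) => $v !== null);
    printf("%-8s given=%s family=%s (%d of %d components found)\n",
        $label, $name['given'] ?? '-', $name['family'] ?? '-', count($found), count($suffixes));
}
```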