Backport PLINK-405
Functionality can be enabled as shown here:

    <valve>
        <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
        <param>
            <param-name>passUserPrincipalToAttributeManager</param-name>
            <param-value>true</param-value>
        </param>
    </valve>
Reproducer notes for hashed user principal PL issue:

idp.war/WEB-INF/picketlink.xml (set the AttributeManager):

    <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
        <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1"
                       AttributeManager="org.picketlink.identity.federation.bindings.jboss.attribute.JBossAppServerAttributeManager"
                       StrictPostBinding="true">
            <!-- rest of the IDP configuration omitted -->
        </PicketLinkIDP>
    </PicketLink>

idp.war/WEB-INF/jboss-web.xml:

    <valve>
        <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
        <param>
            <param-name>passUserPrincipalToAttributeManager</param-name>
            <param-value>true</param-value>
        </param>
    </valve>

standalone.xml:

    <mapping>
        <mapping-module code="org.jboss.security.mapping.providers.attribute.LdapAttributeMappingProvider" type="attribute">
            <module-option name="java.naming.provider.url" value="ldaps://imatestldapserver.redhat.com"/>
            <module-option name="bindDN" value="uid=imauser,dc=test,dc=redhat,dc=com"/>
            <module-option name="bindCredential" value="imapassword"/>
            <module-option name="baseCtxDN" value="ou=users,dc=test,dc=redhat,dc=com"/>
            <module-option name="baseFilter" value="(uid={0})"/>
            <module-option name="attributeList" value="mail,cn,sn,UserType"/>
            <module-option name="searchTimeLimit" value="10000"/>
        </mapping-module>
    </mapping>
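The three configuration pieces above (the valve parameter in jboss-web.xml, the AttributeManager in picketlink.xml, and the LDAP attribute mapping module in standalone.xml) have to line up for the reproducer to work, and it is easy to miss one. The following script is an added example, not code from the issue or from the PicketLink project: it parses the three fragments with the standard library and reports whether each expected setting is present, and it also flags a literal bindCredential in standalone.xml (the `${VAULT::...}` prefix test is the EAP vault convention; treating anything else as plaintext is this script's assumption). The embedded XML is constructed to mirror the fragments in the reproducer notes; all function names are this example's own.

```python
"""Check the PicketLink IDP reproducer configuration for the settings described above."""
import xml.etree.ElementTree as ET

IDP_VALVE = "org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
JBOSS_ATTRIBUTE_MANAGER = (
    "org.picketlink.identity.federation.bindings.jboss.attribute.JBossAppServerAttributeManager"
)
LDAP_MAPPER = "org.jboss.security.mapping.providers.attribute.LdapAttributeMappingProvider"

# Constructed fragments mirroring the reproducer notes; not copied from a live server.
JBOSS_WEB_XML = """<jboss-web>
  <valve>
    <class-name>%s</class-name>
    <param>
      <param-name>passUserPrincipalToAttributeManager</param-name>
      <param-value>true</param-value>
    </param>
  </valve>
</jboss-web>""" % IDP_VALVE

PICKETLINK_XML = """<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1"
                 AttributeManager="%s" StrictPostBinding="true">
  </PicketLinkIDP>
</PicketLink>""" % JBOSS_ATTRIBUTE_MANAGER

STANDALONE_XML = """<mapping>
  <mapping-module code="%s" type="attribute">
    <module-option name="java.naming.provider.url" value="ldaps://ldap.example.test"/>
    <module-option name="bindDN" value="uid=binduser,dc=example,dc=test"/>
    <module-option name="bindCredential" value="constructed-password"/>
    <module-option name="baseCtxDN" value="ou=users,dc=example,dc=test"/>
    <module-option name="baseFilter" value="(uid={0})"/>
    <module-option name="attributeList" value="mail,cn,sn,UserType"/>
    <module-option name="searchTimeLimit" value="10000"/>
  </mapping-module>
</mapping>""" % LDAP_MAPPER


def _local(tag):
    """Strip an XML namespace so the checks work with or without xmlns declarations."""
    return tag.rsplit("}", 1)[-1]


def _iter(element, name):
    """Yield element and its descendants whose local tag name equals name."""
    return (el for el in element.iter() if _local(el.tag) == name)


def valve_param_enabled(jboss_web_xml, valve_class=IDP_VALVE,
                        param="passUserPrincipalToAttributeManager"):
    """True if the IDP valve carries the given param with value 'true'."""
    root = ET.fromstring(jboss_web_xml)
    for valve in _iter(root, "valve"):
        cls = next(_iter(valve, "class-name"), None)
        if cls is None or (cls.text or "").strip() != valve_class:
            continue
        for p in _iter(valve, "param"):
            name = next(_iter(p, "param-name"), None)
            value = next(_iter(p, "param-value"), None)
            if name is not None and (name.text or "").strip() == param:
                return value is not None and (value.text or "").strip().lower() == "true"
    return False


def attribute_manager(picketlink_xml):
    """Return the AttributeManager class configured on PicketLinkIDP, or None."""
    idp = next(_iter(ET.fromstring(picketlink_xml), "PicketLinkIDP"), None)
    return None if idp is None else idp.get("AttributeManager")


def ldap_mapping_findings(standalone_xml):
    """Inspect the LDAP attribute mapping module and report defender-relevant facts."""
    findings = {"mapping_module_present": False, "plaintext_bind_credential": False,
                "ldaps": False, "attribute_list": []}
    for mm in _iter(ET.fromstring(standalone_xml), "mapping-module"):
        if mm.get("type") != "attribute" or mm.get("code") != LDAP_MAPPER:
            continue
        findings["mapping_module_present"] = True
        opts = {o.get("name"): o.get("value", "") for o in _iter(mm, "module-option")}
        cred = opts.get("bindCredential", "")
        # Assumption: a credential not wrapped in ${...} (e.g. ${VAULT::...}) is stored in the clear.
        findings["plaintext_bind_credential"] = bool(cred) and not cred.startswith("${")
        findings["ldaps"] = opts.get("java.naming.provider.url", "").lower().startswith("ldaps://")
        findings["attribute_list"] = [a.strip() for a in opts.get("attributeList", "").split(",") if a.strip()]
    return findings


def run_checks(jboss_web_xml=JBOSS_WEB_XML, picketlink_xml=PICKETLINK_XML,
               standalone_xml=STANDALONE_XML):
    """Combine the three checks into one report dictionary."""
    report = {
        "valve_param_enabled": valve_param_enabled(jboss_web_xml),
        "attribute_manager_is_jboss": attribute_manager(picketlink_xml) == JBOSS_ATTRIBUTE_MANAGER,
    }
    report.update(ldap_mapping_findings(standalone_xml))
    return report


if __name__ == "__main__":
    for key, val in run_checks().items():
        print("%s: %s" % (key, val))
```

Point the three constants at the real files (for example by reading idp.war/WEB-INF/jboss-web.xml into `JBOSS_WEB_XML`) and a missing valve parameter or a wrong AttributeManager shows up as `False` in the report before the first SAML login is attempted.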
Verified in 6.3.0.ER2