Hello, we have a bunch of IDP which are connected to our CAS instance via OIDC delegated auth. additionally we have around 70 Services which are using our CAS instance as SSO "CasRegisteredService" or "OidcRegisteredService".
For customers, it's possible to decide which IDP to use, or do some auto resolve, via URL. Everything works perfectly fine. During onboarding of new IDP's we came across an IDP which uses no form of GUID, or other steps to make sure that the "sub" of the Identiy Token is unique outside of the IDP scope. Is there an possibility to configure that the received sub is enriched, to minimize the risk of collisions, with another IDP. If there is no possibility to to it already, would that be something usefull to make PR? br -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bd94de1d-551e-41d7-a337-47216c9a07ffn%40apereo.org.
