InvalidSubjectCanonicalizationContext error.

Cantor, Scott cantor.2 at osu.edu
Thu Aug 13 16:01:53 EDT 2015


On 8/13/15, 3:49 PM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:



>I'll look at the action that's failing to see why, but basically something's probably off about the context tree when you transfer control off.

I would imagine that your flow is running when the ValidatePasswordAgainstLDAP action *doesn't* succeed. But your flow isn't triggering an error, so when control passes back, it's picking up where it would ordinarily go in the case that it did the work that the validate action does.

If you're meaning to *be* the login step in place of that built-in action, you would have to produce an AuthenticationResult and populate a SubjectCanonicalizationContext into the tree the same way AbstractValidationAction subclasses all do.

You don't have to use that class, but you have to do the work.

The basic requirement for login to succeed is to populate an AuthenticationResult (containing a Java Subject) into the PRC->AuthenticationContext and create and populate PRC->SubjectCanonicalizationContext.

(None of this is documented obviously, but that's what's involved in creating a custom login flow.)

Each login flow "primes" the tree and when the master authn flow picks up, it dispatches to the c14n subflow and that's where you're blowing up.

-- Scott
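
The two requirements described in the message above, sketched as an added example that is not part of the original post and is not Shibboleth project code. It assumes the IdP 3.x Java API; `CustomLoginAction` and `verifyCredential` are hypothetical names standing in for whatever the custom flow does to check the user.

```java
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;

import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;

/** Hypothetical action acting as the login step of a custom flow. */
public abstract class CustomLoginAction extends AbstractAuthenticationAction {

    /** Hypothetical hook: return the verified username, or null if the check failed. */
    @Nullable protected abstract String verifyCredential(@Nonnull ProfileRequestContext prc);

    @Override
    protected void doExecute(@Nonnull final ProfileRequestContext prc,
            @Nonnull final AuthenticationContext authnCtx) {
        final String username = verifyCredential(prc);
        if (username == null) {
            // Signal an error event; otherwise control returns to the parent
            // flow as if the login work had been done, and c14n fails later.
            ActionSupport.buildEvent(prc, AuthnEventIds.INVALID_CREDENTIALS);
            return;
        }

        final Subject subject = new Subject();
        subject.getPrincipals().add(new UsernamePrincipal(username));

        // PRC -> AuthenticationContext: record the result of this login flow.
        final AuthenticationResult result =
                new AuthenticationResult(authnCtx.getAttemptedFlow().getId(), subject);
        authnCtx.setAuthenticationResult(result);

        // PRC -> SubjectCanonicalizationContext: create it if absent and hand
        // the same Subject to the c14n subflow that the master flow runs next.
        prc.getSubcontext(SubjectCanonicalizationContext.class, true)
                .setSubject(result.getSubject());
    }
}
```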


