Returning an AuthnContextDecl using Sibboleth3 external auth

Stefan Santesson stefan at
Tue May 12 04:26:35 EDT 2015


We are testing Shibboleth3 IdP in the Swedish national federation and I¹m
stuck in my efforts to return an AuthnContextDecl and even setting the
appropriate AuthnContextClassRef from my external auth servlet to the
Shibboleth3 IdP.
On the input side to the external auth servlet I have more than I need. The
key here for me is the profileRequestContext request attribute providing the
full AuthnRequest.
The content of the request will influence the processing in the IdP and I¹m
supposed to return both the actually performed AuthnContextClassRef, but
even more importantly, result data in a AuthnContextDecl.

I can¹t find how to return this data to the IdP for inclusion in the
In Shibboleth2 IdP I could influence the AuthnContextClassRef through the
now deprecated authnMethod attribute.

Is the input request attributes also working as output request attributes,
that is, can I return a profileRequestContext to the IdP with the data
above? (it seems to have an outbountMessageContext)
If so, How am I supposed to include the data in this generic object?
Or can I do this some other way?

Thanks for any help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list