Use group for MFA

Cantor, Scott cantor.2 at
Thu May 11 19:43:23 EDT 2017

On 5/11/17, 6:41 PM, "users on behalf of Andrew Morgan" <users-bounces at on behalf of morgan at> wrote:

>> The only thing it doesn't show at the moment is it populating the 
>> attribute "recipient" name which some people want to use in their 
>> resolver scripts but most don't need it.
>What are you talking about here regarding "recipient"?  I don't see that 
>word in the wiki example...

I was saying it's *not* in the example, there are threads in the archive about the relying party name not being populated in the resolver when it runs this way. Getting it set requires calling the setAttributeRecipient method on the AttributeResolutionContext it's setting up in the script and I was saying the example(s) don't show that at the moment.

The issue I've mentioned in the past is that you don't need to do weird things in the resolver scripts. If you need the relying party name populated for scripts there to work, it can just be populated into the context by the MFA rule running the resolver, rather than having to add weird look-aside code in the resolver scripts.

-- Scott

More information about the users mailing list