IDP access to "RequesterID" ?
Michael A Grady
mgrady at unicon.net
Tue May 23 11:32:44 EDT 2017
> On May 23, 2017, at 9:21 AM, Cantor, Scott <cantor.2 at OSU.EDU> wrote:
>
>> It would be awesome if we didn't have to consider all of the proxied SPs to
>> be the same SP. Does the IDP have access to the Scoping element (and the
>> RequesterID element inside of it) in a place that it could be used for making
>> decisions?
>
> We don't to my knowledge extract it but the AuthnRequest is in the inbound message context, which pretty much everything can access via the ProfileRequestContext so it's certainly accessible to scripts or code.
>
> Assuming there are some obvious places where one might want to operate on it, just file RFEs.
>
> -- Scott
>
Someone at Unicon had need to get at that, and I'm told (haven't tried it yet myself) that they got to it (omitting any error checking before referencing) via this:
((ProfileRequestContext)context).getInboundMessageContext().getScoping().getRequesterIDs();
--
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170523/e72aaabf/attachment.html>
More information about the users
mailing list