My MFA script is clearing the list of requested attributes

[Wessel, Keith]

Hi, all,

I've got the following code in my MFA configuration that, when executed, seems to be clearing the list of requested attributes. That is to say that, after it executes, no attributes are getting returned to the SP after successful authentication. Obviously, and using a basis of the example shipped with the IdP, this is getting the attribute that tells which methods a user is allowed to use.

                resCtx = input.getSubcontext(
                    "net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext", true);
                resCtx.setPrincipal(custom["usernameLookup"].apply(input));
                resCtx.getRequestedIdPAttributeNames().add("assurance");
                resCtx.resolveAttributes(custom["attributeResolver"]);

                attribute = resCtx.getResolvedIdPAttributes().get("assurance");
                valueType = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");

The issue might be this line later in the script, that has a comment about cleanup:

input.removeSubcontext(resCtx);

...though I don't think that's the problem, and I assumed that was needed deletion of an instantiated subcontext that would otherwise hang around after execution.

Any thoughts what's causing the list of requested attributes to be blanked out by the time the authentication flow finishes?

Thanks,
Keith