My MFA script is clearing the list of requested attributes

Wessel, Keith kwessel at illinois.edu
Tue May 30 17:17:59 EDT 2017 

Alright, I've confirmed that the attribute resolution context is being initialized twice as expected if the if-block with the code to query the assurance attribute is executed. The first time, from my MFA script, the only attribute listed that's being resolved is my assurance attribute. The second time, the list is the same: just the assurance attribute.

If the if-block isn't executed and no attribute resolution is done within my MFA script, of course, the attribute resolution context is only initialized once. When it's initialized, the list of attributes that my SP should be getting is there in full.

So, it would appear that the value that I'm adding to the list of attributes to resolve in my MFA script is clearing the list of requested attributes.

Is this a bug or something my MFA script should be doing differently?

Keith


-----Original Message-----
From: Wessel, Keith 
Sent: Tuesday, May 30, 2017 3:11 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: My MFA script is clearing the list of requested attributes

Scott,

If, by clearing, you mean:

input.removeSubcontext(resCtx);

Yes, I was calling that at the end of my function. However, I commented it out, and it's still not sending attributes through to my SP.

I'll turn up logging for net.shibboleth.idp to DEBUG and see what we get.

Thanks,
Keith


-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Monday, May 29, 2017 10:35 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: My MFA script is clearing the list of requested attributes

On 5/27/17, 6:54 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> What logging categories might I turn up to tell me why this is happening?

Are you clearing the AttributeResolutionContext like the example does, or not? It shouldn't really matter but it's possible that's not true.

The attribute resolution is logged in a lot of detail on DEBUG so it should be pretty apparent if it's running both times.

-- Scott


-- 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list