Accessing user attributes in login flow views

Ian Bobbitt ibobbitt at
Fri Jul 20 16:30:09 EDT 2018

On 7/20/18 2:54 PM, Cantor, Scott wrote:
> On 7/20/18, 2:50 PM, "users on behalf of Ian Bobbitt" <users-bounces at on behalf of ibobbitt at> wrote:
>> Is it possible to access resolved user attributes from login flow views?
>> I would like to be able to only render "login via $other_2nd_factor_solution" for users who can complete that method.
>> By the time the views I want to do this on run, the user principal is already populated, and the MFA script has already
>> resolved the attribute I need to look at.
> You can always access anything you yourself have put into the context tree, you just walk into it from the profileRequestContext variable if there's no faster route to it.
> The only trick to bear in mind is that you can get into the subcontexts without needing access to the context's Java class object by calling getSubcontext("classname"), putting the class' name into a string literal. Velocity doesn't have access to real Java runtime stuff so you can't just easily get hold of class objects or create new objects, etc.
> -- Scott
Thanks. That's the path I was going down, until I got stuck. I was loosely following the "Programmatically Selecting
Flows" MFA flow example[1], but wasn't sure how to get the attributes to actually resolve
("resCtx.resolveAttributes(custom)" where "custom" is an object-ref to "shibboleth.AttributeResolverService") and how to
do the actual value check ("valueType =  Java.type("net.shibboleth.idp.attribute.StringAttributeValue");" and "if
(attribute != null && attribute.getValues().contains(new valueType("Flow1"))) { ... }").

-- Ian


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4090 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the users mailing list