How to access the AssertionConsumerServiceURL from the AuthnRequest in a custom MFA flow

[Cantor, Scott]

I don't see what the ACS has to do with anything, and it's the worst idea to ever depend on them for anything, they're implementation details. If all the customers used Okta, they'd all be sitting under okta.com.

You can build your own flows and/or views to use from within the MFA flow to do email-based discovery or anything else. With V4 you can also use an external discovery step outright, but that's also not in V3.

To answer the question, the ACS is nowhere you can truly depend on, but for the moment it will normally be accessible via org.opensaml.saml.common.binding.SAMLBindingSupport.getEndpointURL() called against the outbound MessageContext under the ProfileRequestContext.

Generally speaking, all of the message context material is not a stable commitment.

-- Scott