Resolving $resolutionContext in LDAP Filter with MFA second factor check
cantor.2 at osu.edu
Wed Dec 23 22:58:19 UTC 2020
On 12/23/20, 5:45 PM, "users on behalf of Herron, Joel D" <users-bounces at shibboleth.net on behalf of herronj at uww.edu> wrote:
> I've inherited the system so I can't say our velocity settings are stock as we do load extra velocity-tools
They're stock because they're hardcoded to have the option set that emits any variable that doesn't exist as literal text.
> So potentially I could create an attribute in the resolver (via scripted attribute) that would populate the RPID and then I
> could pass it into the DC filter when I resolve the attribute I'm actually after in the MFA flow just as I'm doing with the
> users DN? If I'm understanding correctly.
Yes, but that's not going to change anything.
I suspect I'm mistaken and that if $resolutionContext.getAttributeRecipientID() is null, then the whole variable expression is emitted. In which case the bug is yours, you didn't set the field when you invoked the resolver and created the context yourself in a script.
More information about the users