Resolving $resolutionContext in LDAP Filter with MFA second factor check

Cantor, Scott cantor.2 at
Wed Dec 23 22:58:19 UTC 2020

On 12/23/20, 5:45 PM, "users on behalf of Herron, Joel D" <users-bounces at on behalf of herronj at> wrote:

>    I've inherited the system so I can't say our velocity settings are stock as we do load  extra velocity-tools  

They're stock because they're hardcoded to have the option set that emits any variable that doesn't exist as literal text.

>    So potentially I could create an attribute in the resolver (via scripted attribute) that would populate the RPID and then I
> could pass it into the DC filter when I resolve the attribute I'm actually after in the MFA flow just as I'm doing with the
> users DN? If I'm understanding correctly.

Yes, but that's not going to change anything.

I suspect I'm mistaken and that if $resolutionContext.getAttributeRecipientID() is null, then the whole variable expression is emitted. In which case the bug is yours, you didn't set the field when you invoked the resolver and created the context yourself in a script.

-- Scott

More information about the users mailing list