CAS protocol and auditContext during MDA authn flow

Cantor, Scott cantor.2 at
Sat May 2 17:40:36 EDT 2020

On 5/2/20, 5:21 PM, "users on behalf of Michael A Grady" <users-bounces at on behalf of mgrady at> wrote:

> But just discovered that if one adds in usage of the CAS protocol, that auditContext does not appear to exist yet, so
> auditCtx ends up null.

I don't know why that's the case, but...

> That's, of course, easy enough to account for as  follows:

No, just do:

auditCtx = input.getSubcontext("net.shibboleth.idp.profile.context.AuditContext", true);

I think this would be fairly confusing to include for SAML, which already has log fields that capture this more effectively, including the request side in V4.

You should never deduce anything from the names of login flows. Always operate on names Principals, never directly on methods that lead to them. That's brittle.

-- Scott

More information about the users mailing list