Resolving $resolutionContext in LDAP Filter with MFA second factor check

[Herron, Joel D]

Finally got back to this and was able to fix my the lack of setting the field in the new context, thanks Scott for pointing me in the right direction.

--Joel

On 12/23/20, 4:58 PM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:

    *EXTERNAL EMAIL*

    On 12/23/20, 5:45 PM, "users on behalf of Herron, Joel D" <users-bounces at shibboleth.net on behalf of herronj at uww.edu> wrote:

    >    I've inherited the system so I can't say our velocity settings are stock as we do load  extra velocity-tools  

    They're stock because they're hardcoded to have the option set that emits any variable that doesn't exist as literal text.

    >    So potentially I could create an attribute in the resolver (via scripted attribute) that would populate the RPID and then I
    > could pass it into the DC filter when I resolve the attribute I'm actually after in the MFA flow just as I'm doing with the
    > users DN? If I'm understanding correctly.

    Yes, but that's not going to change anything.

    I suspect I'm mistaken and that if $resolutionContext.getAttributeRecipientID() is null, then the whole variable expression is emitted. In which case the bug is yours, you didn't set the field when you invoked the resolver and created the context yourself in a script.

    -- Scott


    -- 
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net