Resolving attributes from a SAML proxy

Wessel, Keith kwessel at
Fri Oct 8 19:22:24 UTC 2021

If I debugged this correctly:

                if (input.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext") == null) {
                    logger.debug("Relying party context not found");
                } else {
                    logger.debug("Relying party context found");
                }

                if (input.getSubcontext("net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext") == null) {
                    logger.debug("Attribute resolution context not found");
                } else {
                    logger.debug("Attribute resolution context found");
                }

...then we're missing the attribute resolution context:

2021-10-08 14:14:13,167 - DEBUG [mfa_claim_to_acr:8] - Relying party context found
2021-10-08 14:14:13,176 - DEBUG [mfa_claim_to_acr:12] - Attribute resolution context not found

Is that debugging code correct?

If so, I should be able to use similar code to do attribute resolution like I'm using in my MFA function to get one, right?

                rpid = input.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext").relyingPartyId;

                resCtx = input.getSubcontext("net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext", true);

Is that what I need to do? Or is there a simpler way?


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Friday, October 8, 2021 2:03 PM
To: Shib Users <users at>
Subject: Re: Resolving attributes from a SAML proxy

On 10/8/21, 2:59 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

>    Can you at least tell me if the attribute context and the relying party context should be in the profile request
> context when it's assigned to the input passed into my authnContextTranslationStrategyEX function?

They should be if I'm reading the code correctly but only if it actually managed to decode anything, which should be logged.

-- Scott
