authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

Wessel, Keith kwessel at
Wed Oct 13 00:25:53 UTC 2021

Hi, all, but mainly Scott,

I know that the authnContextTranslationStrategyEx hook is meant for changing the authnContextClassRef passed back to the SP. In some cases, I want to do this. In other cases, I want to just pass through what the upstream IdP sent me unmodified.

It looks like the function has to return something. If I return null or don't return anything, I end up with an authnContextClassRef in the response of unspecified. Is there an easy way to get the current response from the upstream IdP and, specifically, the acr values from it to use as a default return from my function? I'm not seeing anything obvious in the context tree that would provide that information.


More information about the users mailing list