authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

Cantor, Scott cantor.2 at
Wed Oct 13 00:41:06 UTC 2021

On 10/12/21, 8:26 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> Is there an easy way to get the current response from the upstream IdP and, specifically, the acr values from it
> to use as a default return from my function? I'm not seeing anything obvious in the context tree that would
> provide that information.

Nothing trivial. From the "right" PRC, you go up to AuthenticationContext and down to SAMLAuthnContext, and the authentication statement it processed is in there. From the broken input now, you go down to the AuthnenticationContext and then down to the SAMLAuthnContext.

I think it makes sense to fix the code so it cascades and tries the options in order until it gets a non-null result, to avoid having to do it manually.

-- Scott

More information about the users mailing list