authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

Wessel, Keith kwessel at
Wed Oct 13 14:01:20 UTC 2021

That makes sense. And if both return null, keep the authnContextClassRef unmodified. Because I can't think of a situation where null would be an appropriate return from either of those other than as a signal to not translate.


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Tuesday, October 12, 2021 9:24 PM
To: Shib Users <users at>
Subject: Re: authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

On 10/12/21, 10:21 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

>    Regarding the comment on the fix. When you say cascades, you mean 
> if the function returns nothing, it falls back on whatever came from 
> the upstream IdP instead of responding with unspecified? If so, yes, I 
> agree that that would make a lot of sense. If one really wanted to return unspecified, which we all know is a very bad idea, then they could explicitly do that in the function.

The code isn't in front of me, but I was thinking to run each injectible strategy, which IIRC is just two, the Ex one and the original which defaults to using the map bean. If the Ex returns null it tries the original.

-- Scott

For Consortium Member technical support, see;!!DZ3fjg!vl5Z2dHqV6PooPSfq2n1nZeT4xadsUFhQt7nUa_HXYNfBHic9g5pXh0Wlb7ZDHnepg$
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list