authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

[Wessel, Keith]

That makes sense. And if both return null, keep the authnContextClassRef unmodified. Because I can't think of a situation where null would be an appropriate return from either of those other than as a signal to not translate.

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Tuesday, October 12, 2021 9:24 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

On 10/12/21, 10:21 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    Regarding the comment on the fix. When you say cascades, you mean 
> if the function returns nothing, it falls back on whatever came from 
> the upstream IdP instead of responding with unspecified? If so, yes, I 
> agree that that would make a lot of sense. If one really wanted to return unspecified, which we all know is a very bad idea, then they could explicitly do that in the function.

The code isn't in front of me, but I was thinking to run each injectible strategy, which IIRC is just two, the Ex one and the original which defaults to using the map bean. If the Ex returns null it tries the original.

-- Scott


--
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!vl5Z2dHqV6PooPSfq2n1nZeT4xadsUFhQt7nUa_HXYNfBHic9g5pXh0Wlb7ZDHnepg$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net