authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

Wessel, Keith kwessel at
Thu Oct 14 14:41:36 UTC 2021

Thanks, Scott. That helps. I'm just having some trouble putting it into a new singletonList to return from the function.

I'm getting it like this:

var samlCtx = authCtx.getSubcontext("net.shibboleth.idp.saml.saml2.profile.impl.SAMLAuthnContext");
var authnStatement = samlCtx.getAuthnStatement();

With all of the relevant checks for null returns along the way. Then I assume I can get what I need with:


I'm trying to do this to put it into the right return type:

var collectionType = Java.type("java.util.Collections");
acr = new collectionType;

But I get:

TypeError: Can not create new object with constructor java.util.Collections with the passed arguments; they do not match any of its method signatures.

What's the proper way to create a new collection with a singletonList?

Alternatively, can I create an empty list in my helper map and just add the returned value to it? What method would I use to add it to the list in that case?

I realize this is a temporary workaround until the fixes you've made to this hook and its surrounding logic for what to do with null values is fixed. I figured I'd code the workaround, though, to at least get something working now and maybe learn a few things in the process.


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Tuesday, October 12, 2021 7:41 PM
To: Shib Users <users at>
Subject: Re: authnContextTranslationStrategyEx: passing through the authenticationContextClassRef unmodified?

On 10/12/21, 8:26 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> Is there an easy way to get the current response from the upstream IdP 
> and, specifically, the acr values from it to use as a default return 
> from my function? I'm not seeing anything obvious in the context tree that would provide that information.

Nothing trivial. From the "right" PRC, you go up to AuthenticationContext and down to SAMLAuthnContext, and the authentication statement it processed is in there. From the broken input now, you go down to the AuthnenticationContext and then down to the SAMLAuthnContext.

I think it makes sense to fix the code so it cascades and tries the options in order until it gets a non-null result, to avoid having to do it manually.

-- Scott

For Consortium Member technical support, see;!!DZ3fjg!rvm-R7-6yVyvUsmKRMSPZSxwkYjK1aT1tbnnjNbOlXVtPB6oD2ZqvxCRosPesfRTvw$
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list