Using a different SP entity ID with the IdP SAML authn flow

Wessel, Keith kwessel at illinois.edu
Thu Sep 16 16:16:32 UTC 2021


Ah, time to get off of Nashorn.

There are examples. In fact, I'm using getSubcontext calls in other parts of my IdP like my MFA config.

I changed it to this:
var requestedPrincipals = input.getParent().getSubcontext("net.shibboleth.idp.authn.context.RequestedPrincipalContext").getRequestedPrincipals();

and even tried removing getParent:
var requestedPrincipals = input.getSubcontext("net.shibboleth.idp.authn.context.RequestedPrincipalContext").getRequestedPrincipals();

But both produce a null class:

2021-09-16 11:09:22,261 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception - [session=F01E18797A412FD29C803EFA99895E69] [ip=172.16.95.162] java.lang.RuntimeException: javax.script.ScriptException: TypeError: null has no such function "getRequestedPrincipals" in <eval> at line number 2
	at net.shibboleth.utilities.java.support.scripting.AbstractScriptEvaluator.evaluate(AbstractScriptEvaluator.java:193)
Caused by: javax.script.ScriptException: TypeError: null has no such function "getRequestedPrincipals" in <eval> at line number 2
	at jdk.scripting.nashorn/jdk.nashorn.api.scripting.NashornScriptEngine.throwAsScriptException(NashornScriptEngine.java:477)
Caused by: jdk.nashorn.internal.runtime.ECMAException: TypeError: null has no such function "getRequestedPrincipals"
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.ECMAErrors.error(ECMAErrors.java:57)

Is net.shibboleth.idp.authn.context.RequestedPrincipalContext the correct full name of the class I should be accessing?

If so, do I need to access the parent of the input before retrieving it?

And either way, why am I getting null back?

Thanks,
Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Wednesday, September 15, 2021 5:59 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Using a different SP entity ID with the IdP SAML authn flow

You can't just access classes like that, but I don't use Nashorn, so I don't know exactly how you have to do things like that. I think there are probably examples with class references somewhere.

We added getSubcontext("classname") versions that bypass all that, but you have to pass the fully qualified class name, not just "RequestedPrincipalContext".

-- Scott
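
The null result discussed in this thread, as an added example that is not part of either message and is not Shibboleth code: a constructed model of a context tree in which getSubcontext with a fully qualified class name returns null whenever that context is not a direct child of the node it is called on, plus a lookup that reports the failing hop instead of throwing the TypeError seen in the log. The `Ctx` type, the tree layout, the helper names and the principal value are assumptions made for the illustration.

```javascript
// Constructed stand-in for the IdP context tree; not Shibboleth code.
// Models only getSubcontext(className) and getParent().
function Ctx(className) {
  this.className = className;
  this.parent = null;
  this.children = {};
}
Ctx.prototype.addSubcontext = function (child) {
  child.parent = this;
  this.children[child.className] = child;
  return child;
};
// Direct children only: null when no child of that class is attached here.
Ctx.prototype.getSubcontext = function (className) {
  return this.children.hasOwnProperty(className) ? this.children[className] : null;
};
Ctx.prototype.getParent = function () { return this.parent; };

var PRC = "org.opensaml.profile.context.ProfileRequestContext";
var AUTHN = "net.shibboleth.idp.authn.context.AuthenticationContext";
var RPC = "net.shibboleth.idp.authn.context.RequestedPrincipalContext";

// Assumed layout for this example: PRC -> AuthenticationContext -> RPC.
function buildSampleTree() {
  var prc = new Ctx(PRC);
  var rpc = prc.addSubcontext(new Ctx(AUTHN)).addSubcontext(new Ctx(RPC));
  // Constructed sample value, not a real principal name.
  rpc.getRequestedPrincipals = function () { return ["https://example.org/constructed/mfa"]; };
  return prc;
}

// Follow a path of fully qualified class names one hop at a time and report
// the first hop that comes back null instead of calling a method on it.
function resolve(start, path) {
  var node = start;
  for (var i = 0; i < path.length; i++) {
    var next = node === null ? null : node.getSubcontext(path[i]);
    if (next === null) {
      return { ctx: null, missing: path[i], under: node === null ? null : node.className };
    }
    node = next;
  }
  return { ctx: node, missing: null, under: null };
}

// Null-safe accessor: an empty list rather than a TypeError when a hop is absent.
function requestedPrincipals(start, path) {
  var r = resolve(start, path);
  return r.ctx === null ? [] : r.ctx.getRequestedPrincipals();
}
```

In a real script the `missing` and `under` fields are what to log, since they show which node lacked which subcontext.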

