Using a different SP entity ID with the IdP SAML authn flow

Wessel, Keith kwessel at
Thu Sep 16 16:31:00 UTC 2021

Help me out here, Scott. PRC? Is that what's passed in as the input?

I'm doing this in my MFA script to get to the requested principals which sounds like what you're talking about here:

authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
reqprCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.RequestedPrincipalContext");

Amusingly, I'm not ever using reqprCtx in my MFA script. So, I probably don't need that there.

But I should be able to do that in this other bean and, if reqprCtx is null, return the default entity ID, correct?

What exactly does PRC stand for?


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Thursday, September 16, 2021 11:19 AM
To: Shib Users <users at>
Subject: Re: Using a different SP entity ID with the IdP SAML authn flow

That context (if it exists, which is not necessarily true) is underneath the AuthenticationContext, and the input is normally the PRC.

It's PRC -> AuthenticationContext- > RequestedPrincipalContext.

If there are no requirements, it won't be there.

-- Scott

For Consortium Member technical support, see;!!DZ3fjg!rt9xDQf3FYneQPPs8j5dJNxXyuwdM3ofWGjN7TRuLOk5LaYY-osFfluL44ab5MRmiQ$ 
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list