Using a different SP entity ID with the IdP SAML authn flow

[Wessel, Keith]

Sorry to beat a dead horse on this one, but I'm still not out of the woods. Sorry to mix metaphors, too.

The ProfileRequestContext (input in my bean) doesn't seem to contain the authentication context. This is the first line of the function:
                var authnCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");

And this check fails and falls through to my else:
                if (authnCtx != null) {

So, what exactly is passed into this function, and how can I access the requested principals?

Keith

-----Original Message-----
From: Wessel, Keith 
Sent: Thursday, September 16, 2021 2:32 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Using a different SP entity ID with the IdP SAML authn flow

Duh, I should have known that.

Thanks, Scott, this appears to be working now.

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, September 16, 2021 11:57 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Using a different SP entity ID with the IdP SAML authn flow

On 9/16/21, 12:32 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    Help me out here, Scott. PRC? Is that what's passed in as the input?

Yes.

>    I'm doing this in my MFA script to get to the requested principals which sounds like what you're talking
> about here:

Yes.

>But I should be able to do that in this other bean and, if reqprCtx is null, return the default entity ID, correct?

Yes.

>    What exactly does PRC stand for?

ProfileRequestContext, the root of the tree.

-- Scott




-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!vzzICiB84PCMZByr_6Biaozrz5IOz-XB0BLi1Tc0977LEVlrmnN5RRA32h07w7OWOw$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net