Using a different SP entity ID with the IdP SAML authn flow
cantor.2 at osu.edu
Mon Sep 20 16:11:23 UTC 2021
Many times when this runs, it will not find any of those contexts. On top of that, when it runs inside the SAML proxying flow, it's going to be a much more complex tree, and the input PRC is a nested one that's going to be literally below the AuthenticationContext as a child.
Try checking if the input PRC has a parent. If not, return the default. If it does, walk up via getParent, and that should be the AuthenticationContext to operate from.
More information about the users