Using a different SP entity ID with the IdP SAML authn flow

[Wessel, Keith]

That did it. Thank you. I just needed to replace my call to getSubcontext with a call to getParent. I didn't realize the authentication context was the parent.

Now if I can just figure out how to take an attribute coming back from ADFS that contains the satisfied authentication context class ref and turn it back into an ACR in the response, I'll be all set. 😊 You'll hear back from me if I get stuck.

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Monday, September 20, 2021 11:11 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Using a different SP entity ID with the IdP SAML authn flow

Many times when this runs, it will not find any of those contexts. On top of that, when it runs inside the SAML proxying flow, it's going to be a much more complex tree, and the input PRC is a nested one that's going to be literally below the AuthenticationContext as a child.

Try checking if the input PRC has a parent. If not, return the default. If it does, walk up via getParent, and that should be the AuthenticationContext to operate from.

-- Scott


-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!qdiqyub7jni46PhS_vpnjCtPM1Uo7U_HL2r_MpHodFlAAwONvr-roL-qf5-FXTuLvQ$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net