Using a different SP entity ID with the IdP SAML authn flow
Cantor, Scott
cantor.2 at osu.edu
Mon Sep 20 19:02:51 UTC 2021
On 9/20/21, 2:57 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> Now if I can just figure out how to take an attribute coming back from ADFS that contains the satisfied
> authentication context class ref and turn it back into an ACR in the response, I'll be all set. 😊 You'll hear back
> from me if I get stuck.
There's no great fix for that because it's flat broken, but 4.1 adds a function hook for it on the profile config called authnContextTranslationStrategyEx with type Function<ProfileRequestContext,Collection<Principal>>
(authnContextTranslationStrategy is the original hook that only has access to the incoming SAML AuthnContext and not the whole tree)
-- Scott
More information about the users
mailing list