Using a different SP entity ID with the IdP SAML authn flow

Cantor, Scott cantor.2 at
Mon Sep 20 19:02:51 UTC 2021

On 9/20/21, 2:57 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

>    Now if I can just figure out how to take an attribute coming back from ADFS that contains the satisfied
> authentication context class ref and turn it back into an ACR in the response, I'll be all set. 😊 You'll hear back
> from me if I get stuck.

There's no great fix for that because it's flat broken, but 4.1 adds a function hook for it on the profile config called authnContextTranslationStrategyEx with type Function<ProfileRequestContext,Collection<Principal>>.

(authnContextTranslationStrategy is the original hook that only has access to the incoming SAML AuthnContext and not the whole tree.)

-- Scott
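
One way a function of the type named above could be written, as an added example that is not part of the original message or of the Shibboleth code base. The class name AttributeToAcrStrategy and the injected valueLookup helper are hypothetical; the thread does not say where the ADFS attribute sits in the context tree, so that lookup is left to the deployer.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import java.util.function.Function;

import net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal;
import org.opensaml.profile.context.ProfileRequestContext;

/** Maps values of an upstream attribute to ACR principals through an allowlist. */
public class AttributeToAcrStrategy
        implements Function<ProfileRequestContext, Collection<Principal>> {

    // Hypothetical helper: returns the string values of the upstream attribute
    // that carries the satisfied class ref. Locating it is deployment-specific.
    private final Function<ProfileRequestContext, Collection<String>> valueLookup;

    // Allowlist: upstream attribute value -> ACR URI this IdP is willing to assert.
    private final Map<String, String> allowed;

    public AttributeToAcrStrategy(
            Function<ProfileRequestContext, Collection<String>> valueLookup,
            Map<String, String> allowed) {
        this.valueLookup = valueLookup;
        this.allowed = Map.copyOf(allowed);
    }

    @Override
    public Collection<Principal> apply(ProfileRequestContext prc) {
        Collection<Principal> result = new ArrayList<>();
        if (prc == null) {
            return result;
        }
        Collection<String> values = valueLookup.apply(prc);
        if (values == null) {
            return result;
        }
        for (String value : values) {
            // Only explicitly mapped values become principals; anything else
            // the upstream IdP sent is dropped instead of being copied through.
            String acr = allowed.get(value);
            if (acr != null) {
                result.add(new AuthnContextClassRefPrincipal(acr));
            }
        }
        return result;
    }
}
```

Keeping the mapping as an explicit allowlist means an upstream-asserted class the IdP has not vetted is never emitted by this function.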
