MFA & multiple RemoteUser paths

Marco Naimoli marco.naimoli at
Tue Sep 28 14:54:03 UTC 2021

Hello, I little update: setting the AuthnContextClassRef works (I used
"exact" as operator parameter, but I don't know what are the supported
but only if there's not other AuthnContextClassRef defined.
Regardless if it is a good solution or not, is there a way to add (and not
replace) a second AuthnContextClassRef ?
Thank you
Marco Naimoli

Il giorno mar 28 set 2021 alle ore 16:01 Marco Naimoli <
marco.naimoli at> ha scritto:

> Hello, I'm using MFA on IDP4, that can use RemoteUser authentication;
> using remoteuser-authn-config.xml
> configuration file I choose among various path (example Authn/path1,
> Authn/path2) the right path using the AuthnContextClassRef sent from the SP.
> Now I need to choose using something that a user can select from
> authenticaton screen (for example: based on the user selection the
> remoteuser-authn-config.xml could select Authn/path3);
> a possible solution could be to use, on remoteuser-authn-config.xml, the
> eventId of the user selection, but I don't know if it's possible and how;
> otherwise I could set an AuthnContextClassRef
> from the MFA script: I tried using the script:
> -------------
> authCtx =
> input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
> var AuthnContextClassRefPrincipal =
> Java.type("net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal");
>             tkp = new AuthnContextClassRefPrincipal("myContextClassRef");
>             authCtx.addRequestedPrincipalContext("operator",tkp,false);
> -------------
> but I don't know what to put on the "operator" field; but, more generally,
> I don't know if any of the
> two methods are the right approach to this problem
> Another way could be to "clone" the RemoteUser flow to a new one (creating
> a new module ?),
> but it seems a complex solution for a (apparently) simple problem
> Could anyone help me ?
> Thank you
> Marco Naimoli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list