Obtaining IDP attributes, which method is appropriate?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Obtaining IDP attributes, which method is appropriate?

Losen, Stephen C (scl)
Hi folks,

I can see two ways of obtaining attributes in scripts/views.

In the authn/MFA transition map example script I see that you drill down like this:

ProfileRequestContext -> AttributeResolutionContext

and you need to pass "shibboleth.AttributeResolverService" as a "custom" bean to the script.

But from the [hidden email] archives I see that velocity views can drill down like this:

ProfileRequestContext -> RelyingPartyContext -> AttributeContext

Is the former method necessary for authn/MFA because authentication has not completed?

Does the latter method work only after authentication has completed?

Can post authentication intercept scripts also use this method?

Thanks,


Stephen C. Losen
ITS - Systems and Storage
University of Virginia
[hidden email]    434-924-0640


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Obtaining IDP attributes, which method is appropriate?

Cantor, Scott E.
> In the authn/MFA transition map example script I see that you drill down like
> this:

That isn't getting attributes, that's resolving them in the first place. They don't end up in an AttributeContext because it's not a standard resolution sequence done by the core code.

> Is the former method necessary for authn/MFA because authentication has not
> completed?

Because attributes haven't been resolved, but yes.

> Does the latter method work only after authentication has completed?

After attributes have been resolved.

> Can post authentication intercept scripts also use this method?

Post-authentication is also after attributes are resolved.

-- Scott

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]