
shibboleth-dev - [Shib-Dev] custom LoginHandler accessing SP entityID

Subject: Shibboleth Developers

  • From: Jeffrey Eaton
  • To: Shib Dev
  • Subject: [Shib-Dev] custom LoginHandler accessing SP entityID
  • Date: Thu, 12 May 2011 19:37:00 +0000
  • Accept-language: en-US


I have a need to make my IDP do different things based on the entityID of the
SP which initiated the request. Specifically, certain SPs will cause the IDP
to stop processing and display an error for certain users (specifically,
those not found in an LDAP directory). The actual authentication is handled
by another Apache module, which sets REMOTE_USER.

I tried cloning the RemoteUser login handler, but I can't find a way to get
the entityID in RemoteUserAuthServlet. In RemoteUserLoginHandler, that's
available by doing:

HttpServletHelper.getLoginContext(httpRequest).getRelyingPartyId();

however, after the redirect to the Servlet (which is what is actually
protected by Apache, so the first place the REMOTE_USER is available),
that does not work, since it's a different httpRequest. I don't see any
other way to access the SP entityID from there.

Really, I think I want to do this later, after attribute resolution, because
then I can just look to see if any of the LDAP attributes were resolved, then
act based on that.

Is there a straightforward way to do this?

-jeaton

