In IdP v2 we use a ScriptedAttributeDefinition to release the
password entered on the login page as an attribute:
userSubject = requestContext.getUserSession().getSubject();
(Background: we then encrypt the password before releasing it to an internal SP that
requires it. It is then decrypted and used by the portal running on that
SP to access and display a user's email and calendar events.)
The .getUserSession() method has been ported to v3 but as an empty method that just logs a warning.