Re: chaining LoginModules in IDP ShibUserPassAuth

127 views
Skip to first unread message

Cantor, Scott

unread,
Mar 26, 2012, 10:56:12 AM3/26/12
to us...@shibboleth.net
On 3/26/12 10:49 AM, "Eugene Dvorkin" <Eugene....@ARTstor.org> wrote:

>I have a requirement to create an IDP login page that will first check
>against database for a set of test
>usernames/ passwords and then, if not found, use LDAP directory to
>search for users.
>Can I combine LdapLoginModule with DatabaseLoginModule in some kind of
>chain in login.config file?

To a degree, yes. JAAS can compose modules for you as documented in its
configuration page. Specifically, you want the "sufficient" tag applied to
each one.

But you get very poor error handling, because JAAS will swallow the module
specific exceptions. If you want real error handling, you need a custom
login handler. My contributed handler (see Contributions page) addresses
that, in fact.

-- Scott

--
To unsubscribe from this list send an email to users-un...@shibboleth.net

Eugene Dvorkin

unread,
Mar 26, 2012, 10:56:12 AM3/26/12
to Shib Users
Thank you. I am checking contributions page

Eugene Dvorkin

unread,
Mar 26, 2012, 11:02:58 AM3/26/12
to us...@shibboleth.net
Hi Scott,
Are you referring to Multi factor Login Handler?
https://wiki.shibboleth.net/confluence/display/SHIB2/Multi+Factor+Login+Handler

Thanks

On 03/26/2012 10:56 AM, Cantor, Scott wrote:

Cantor, Scott

unread,
Mar 26, 2012, 11:10:13 AM3/26/12
to us...@shibboleth.net
On 3/26/12 11:02 AM, "Eugene Dvorkin" <Eugene....@ARTstor.org> wrote:
>
>Hi Scott,
>Are you referring to Multi factor Login Handler?
>https://wiki.shibboleth.net/confluence/display/SHIB2/Multi+Factor+Login+Ha
>ndler

No, I'm talking about the one OSU donated. Stateless Cluster SSO.

Reply all
Reply to author
Forward
0 new messages