Cannot resolve 'ExternalAuthn' to a type definition for element 'LoginHandler'.
kaustubh at easydita.com
Tue Nov 1 13:11:40 GMT 2011
Thanks. That made it a lot clearer to me.
Since the IdP 'forwards' the HttpServletRequest to the endpoint (which
would be the external authentication system), I assume I should be able to
have a login page at the endpoint, where the user can login and then the
required interface properties could be set and the control could be
returned to the Authentication Engine. Please correct me if I have
Finally, can I download the packages containing the classes so I can set
the properties for the interface?
On Mon, Oct 31, 2011 at 4:48 PM, Brent Putman <putmanb at georgetown.edu>wrote:
> On 10/31/11 3:34 PM, Kaustubh Nagraj wrote:
> > I was not clear about how the external authentication system works. When
> > we use the ExternalAuthn login handler in the handler.xml, does the
> > externalAuthnPath refer to the URL to which the IdP gets redirected to?
> There's no redirect; the request is forwarded to that endpoint, in the
> Java Servlet spec sense of the term forward.
> > Or does it go there to find out login information about whether or not
> > user is already logged in.
> The *IdP* itself doesn't "go there"; the HttpServletRequest is forwarded
> there. The code at that endpoint (Servlet, Filter, JSP, etc) does
> whatever it's going to do to authentication the user.
> Once the user is authenticated, the code returns control back to the IdP
> using the mechanism described on the wiki page, and also on the
> LoginHandler interface docs:
> > I was imagining it to be setup such that the IdP goes to the URL
> > specified and the servlet at the said URL then can be used to log the
> > user in and then can set the properties required by the IdP before
> > coming back to the IdP endpoint.
> Sort of, except the IdP doesn't "go to" that URL, depending on what you
> mean by that. It's an internal Java servlet forward. And yes - that
> endpoint must set some properties as required by the LoginHandler
> interface contract and returns controls back to the AuthenticationEngine.
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users