Custom Login handler
Chad La Joie
lajoie at itumi.biz
Sun Sep 4 12:00:57 BST 2011
Well, without a significant amount of hackery you aren't going to get
a JAAS module to display web pages. So, what you might want to look
at is how uApprove works. It intercepts calls going to the profile
handler manager from the authentication engine. If you do the same
then you don't need to write any special login handler you just need
to write a webapp (whether you actually merge with the IdP or not is a
different question) that addresses your three possible outcomes.
On Sun, Sep 4, 2011 at 02:54, Joshua Brodie <josbrodie at gmail.com> wrote:
> Thank you everyone for the great feedback.
> The requirements have changed - always to be expected :)
> The sequence of events required are:
> 1) User authenticates at IdP
> 2) If username/password correct, check business rule, based on the
> student's records (three potential workflows):
> A) User must read and agree to University fee change etc.; when
> agreed, forward to SP
> B) Deny access (extreme case where user's have not paid; for legal
> reasons a page, with long legal text will appear)
> C) User is forwarded to SP (no intermediary screens)
> i) Should I focus on cloning UsernamePasswordLoginServlet and adapting
> it to my requirements?
> ii) will this be with JAAS? i.e. authenticate person first, then
> determine's the user's workflow, i.e. pass to staging page where they
> must agree to new fee structure etc?
> iii) will this be via a non-JAAS scenario where I clone
> UsernamePasswordLoginServlet - and write a new servlet, with
> middle-layer to process business rules
> Thank you - your feedback help especially with many late nights and
> the thinking is not as clear as it should be!
> On 31 August 2011 22:58, Halm Reusser <halm.reusser at switch.ch> wrote:
>> On 31.08.11 08:24, Joshua Brodie wrote:
>>> Can anyone point me to a custom login handler? A simple example will
>>> be great; I have to validate userName, password and then present
>>> cutomise messaging, before forwarding to SP.
>> Joshua, you might want to rely upon the existing JAAS UsernamePassword
>> LoginHandler and just extend it with your needed features (e.g., show
>> custom message).
>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
Chad La Joie
trusted identities, delivered
More information about the users