Custom authentication and extending the login.jsp element.

Fri Aug 31 12:50:40 EDT 2012


I'm not sure you and I are on the same page yet.  Can you please tell me what happens inside shib after the Auth Handler servlet has done a re-direct to the login.jsp?


-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Friday, August 31, 2012 12:18 PM
To: Shib Users
Subject: Re: Custom authentication and extending the login.jsp element.

On 8/31/12 11:59 AM, "PARDEE, MARTIN  (MARTIN)" <mlp at>
>It looked to me that I had control flow like this:
>1) Shib intercepts attempt to reach resource via apache plugin,

This is the IdP, there's no Apache plugin.

>2) Control passed to my Custom Auth Servlet,
>3) Servlet redirects to login.jsp,
>4) Login.jsp has FORMACTION that goes to j_security_check (which 
>disappears inside the container),

That's not how the handler works, see other email.

You're confusing container-managed auth, which can be used with the REMOTE_USER handler (along with many other approaches), with the user/pass handler. I believe the stock login.jsp is decorated to be usable in both models, but they're not the same model.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list