Questions about returning roles in the Assertion

Cantor, Scott cantor.2 at
Fri Aug 31 14:41:34 EDT 2012

On 8/31/12 1:55 PM, "Yaowen Tu" <yaowen.tu at> wrote:
>The reason I am not using DB for my testing purpose is that Shib IDP has
>OOTB JAAS and DataConnector for LDAP, but for relational DB it only has a
>DataConnector. Is my understanding correct?

Yes, but there are plenty of JAAS modules around for JDBC.

>Also I see that in the DataConnector, we are storing plain text for
>"principalCredential" or "jdbcPassword". Is there an option to encrypt
>this field?

How would you decrypt it?

If you don't want passwords in the file, use the property replacement
filter feature.

-- Scott

More information about the users mailing list