Using two authentication on the same interface

Kevin P. Foote kpfoote at
Mon Feb 25 10:08:25 EST 2013

On Mon, 25 Feb 2013, shib_user wrote:

> That is exactly that i'm doing. The error message is (that is for the
> default authentication):

Have you defined a "defaultAuthenticationMethod" in the
"DefaultRelyingParty" config block of relying-party.xml ?

Have you defined multiple LoginHandlers in handler.xml ?

As I said before without specifying a "default" in the
DefaultRelyingParty config block you will get the appearance of 
semi-randomness of the method that is chosen by the IdP. 
This has been covered .. not sure what list/wiki or where but it has.

> But the external authentication is working, it seems to be it override the
> others kind of authentication.
> And I found in a post, that the external authentication works alone, so it
> has to be the only loginhandler uncomment in handler.xml

In your next email you cite a thread.. where Chad lays out exactly the 
ways in which you can "call" a specific LoginHandler from your RP.

..Here you go..

-- SNIP --
There are three ways to signal this: 
1. Make it the only login handler available (i.e., comment out the 
other ones).  This obviously doesn't work if you have to support 
multiple methods 
2. In the relying-party.xml, on a relying party configuration you can 
configure the default authentication method 
3. Have the SP request the handler by the authentication method ID you 
assign it.
-- E.SNIP --

I believe everything you need is in that thread you linked..

There is no problem running multiple LoginHandlers one of which is
remote based.

Again as Peter said if you have need specifics ask them .. we're trying
to help you sort this out. :-)


More information about the users mailing list