How to bypass defaultAuthenticationMethod

Vishvjit Khalipe vishvjit at gmail.com
Sun Feb 2 17:46:22 EST 2014


Thanks for your comments.

1. "Out of curiosity, how do you do this? I thought once a login
handler was chosen you can't just invoke another one (e.g. from a
JSP)?"

-> Kerberos Login Handler sets "krbLoginFailed" attribute if Kerberos
authentication fails. Based on the "krbLoginFailed" attribute we
forward the request to user-password login jsp.

2. "Shouldn't you be able to configure the Kerberos Login Handler in a
way that it will not automatically attempt SPNEGO with Kerberos
rightaway, but only on request of the subject?"

-> We don't want to introduce additional click for all users to
achieve some exceptional cases... so far we have requested users to
access the resource using a browser that is not configured for
kerberos. However we want a solution where users won't have to fiddle
with browser setting to directly use user/password authentication.

Pls let me know if there are any other suggestions.



On Sun, Feb 2, 2014 at 12:48 PM, Vishvjit Khalipe <vishvjit at gmail.com>wrote:

> Hello,
>
> We are using Shibboleth IdP 2.3.6 + Kerberos Login Handler + user password
> login as fail-over to enable SSO for users.
>
> For all the relying parties we have Kerberos Login Handler as the Default
> Login Handler (defaultAuthenticationMethod). If kerberos authentication
> fails the user is redirected to user password login handler. So far, all
> the SP have requested unsolicited (IdP initialized) SSO.
>
> However, in some cases (where a user wants to login from another users
> computer) we want to bypass the (defaultAuthenticationMethod) Kerberos
> Login Handler and go directly to User Password page. Is there any out of
> box config for this ?
>
> Thank you in advance for your time and help.
>
> --
> Regards,
>   Vish
>
>


-- 
Regards,
  Vish

Vishvjit Khalipe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140202/8253959e/attachment.html 


More information about the users mailing list