stacking login handlers

Carsey, Robert rcarsey at monmouth.edu
Fri May 9 13:39:02 EDT 2014


So my users insist on being able to log on using their username OR their e-mail address. I know I can stack login handlers, so I have two entries in login.config: one for sAMAccountName, one for UserPrincipalName (i.e. their email address).

However, while I'm certain this will allow login using email address as username, I don't believe it will work OK when it comes time to resolve some attributes, as my LDAP resolver in attribute-resolver.xml has a filter template of:
<![CDATA[    (sAMAccountName=$requestContext.principalName)   ]]>

So is it a matter of me rewriting the filter template somehow to handle both cases, where the user typed in his username (sAMAccountName) OR his email address (userPrincipalName)?

Details of what I have so far are below:

--in login.config--
   edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient
      host="zz.ww.yy.xx"
      port="3268"
      base="DC=monmouth,DC=edu"
      tls="false"
      serviceCredential="serviceaccountpasswordhere"
      userRoleAttribute="sAMAccountName"
      serviceUser="someserviceaccount at monmouth.edu"
      subtreeSearch = "true"
      userField="samAccountName";
   edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient
      host="zz.ww.yy.xx"
      port="3268"
      base="DC=monmouth,DC=edu"
      tls="false"
      serviceCredential="serviceaccountpasswordhere"
      userRoleAttribute="UserPrincipalName"
      serviceUser="someserviceaccount at monmouth.edu"
      subtreeSearch = "true"
      userField="UserPrincipalName";

--In attribute-resolver.xml --
        <FilterTemplate>
            <![CDATA[
                (sAMAccountName=$requestContext.principalName)
            ]]>
        </FilterTemplate>
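
An added example, not part of the original post and not Shibboleth or vt-ldap code: a Python sketch of an LDAP OR filter that matches the typed login name against either attribute, with RFC 4515 escaping so a name containing `*` or parentheses is compared literally. The directory entries and the `example.edu` names are constructed, and the case-insensitive equality match is an assumption about how Active Directory compares these two attributes.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(principal):
    """OR filter: an entry matches if either attribute equals the typed name."""
    v = escape_filter_value(principal)
    return f"(|(sAMAccountName={v})(userPrincipalName={v}))"

def _unescape(value):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def resolve(principal, directory):
    """Toy evaluator for the filter above (equality only, case-insensitive)."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", build_filter(principal))
    wanted = [(attr, _unescape(val).lower()) for attr, val in terms]
    return [entry for entry in directory
            if any(entry.get(attr, "").lower() == val for attr, val in wanted)]

# Constructed sample entries (not real accounts).
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@example.edu"},
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@example.edu"},
]

if __name__ == "__main__":
    # Short name, e-mail form, and a wildcard that must not match anything.
    for login in ("jdoe", "JDoe@example.edu", "*"):
        hits = [e["sAMAccountName"] for e in resolve(login, DIRECTORY)]
        print(f"{login!r:22} {build_filter(login)} -> {hits}")
```

The same shape in the post's FilterTemplate would use `$requestContext.principalName` in both terms of the OR.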