Which handler LDAP SSO

Peter Schober peter.schober at univie.ac.at
Tue Nov 11 08:03:12 EST 2014

* Morris, Andi <amorris at cardiffmet.ac.uk> [2014-11-11 13:44]:
> Thanks. I have UsernamePassword configured at the moment and I'm
> having trouble getting the bind to work so that users can login, but
> I'll continue to work on that.

This is all within the JAAS config file, login.config, as per the Shib

> However, when running against test shib I'm being shown a login
> screen, as expected at the moment.

Yes, https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUserAuthn

  Presents the user with an authentication page and then checks the
  entered username and password against an LDAP directory or Kerberos 5

So the UsernamePassword will generate HTML to collect credentials, and
validate them via LDAP (or Kerberos, but that doesn't change the fact
that a HTML form is rendered at the IDP).

> When I have the ldap running correctly will the users still be shown
> this screen if they already currently have valid windows credentials


> or will I need to configure this with Kerberos? What we have at the
> moment is users being logged on without being prompted when they
> access a shibboleth resource internally.

You'll have to do something entirely different:


The folks from Uni Newcastle have quite complete documentation for
this, IIRC, if you (or your peers from the UKfederation) don't find
anything better to offer try this:

More information about the users mailing list