shib-cas-authn2 and forceAuthn

Cantor, Scott cantor.2 at
Mon Sep 8 23:41:40 EDT 2014

On 9/8/14, 11:37 PM, "Scott Koranda" <skoranda at> wrote:
>I also looked in detail at the code for CasLoginHandler. I expected
>that during the constructor call I would see
>They are not invoked there but instead are invoked during login().
>Will that work? I would have thought that the IdP needs to know at the
>time it creates the login handler whether or not it supports forced
>reauthentication and isPassive. What am I missing?

I can't speak to that handler, but I can confirm that those do have to be
set at construction time, the IdP walks the handler list looking for one
that reports it can support it.

For the handlers in the IdP, it's controlled with an XML attribute in the
LoginHandler element.

-- Scott

More information about the users mailing list