shib-cas-authn2 and forceAuthn
mmoayyed at unicon.net
Tue Sep 16 11:41:25 EDT 2014
In reference to the issue of configuring support for both forced and
passive authentication in the CAS login handler, thought I'd point out
that the issue is now fixed here:
From: Misagh Moayyed [mailto:mmoayyed at unicon.net]
Sent: Tuesday, September 9, 2014 9:21 AM
To: 'Shib Users'
Subject: RE: shib-cas-authn2 and forceAuthn
Thanks for clarification. This indeed is something we should fix with the
handler to set support for both flags during the ctor call rather than
We'll take this up shortly and will also update the documentation to note
how these flags are auto-set by the handler.
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Monday, September 8, 2014 8:42 PM
To: Shib Users
Subject: Re: shib-cas-authn2 and forceAuthn
On 9/8/14, 11:37 PM, "Scott Koranda" <skoranda at gmail.com> wrote:
>I also looked in detail at the code for CasLoginHandler. I expected
>that during the constructor call I would see
>They are not invoked there but instead are invoked during login().
>Will that work? I would have thought that the IdP needs to know at the
>time it creates the login handler whether or not it supports forced
>reauthentication and isPassive. What am I missing?
I can't speak to that handler, but I can confirm that those do have to be
set at construction time, the IdP walks the handler list looking for one
that reports it can support it.
For the handlers in the IdP, it's controlled with an XML attribute in the
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
More information about the users