shib-cas-authn2 and forceAuthn

[Misagh Moayyed]

In reference to the issue of configuring support for both forced and
passive authentication in the CAS login handler, thought I'd point out
that the issue is now fixed here:
https://github.com/Unicon/shib-cas-authn2 

-----Original Message-----
From: Misagh Moayyed [mailto:mmoayyed at unicon.net] 
Sent: Tuesday, September 9, 2014 9:21 AM
To: 'Shib Users'
Subject: RE: shib-cas-authn2 and forceAuthn

Thanks for clarification. This indeed is something we should fix with the
handler to set support for both flags during the ctor call rather than
during login().

We'll take this up shortly and will also update the documentation to note
how these flags are auto-set by the handler.

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Monday, September 8, 2014 8:42 PM
To: Shib Users
Subject: Re: shib-cas-authn2 and forceAuthn

On 9/8/14, 11:37 PM, "Scott Koranda" <skoranda at gmail.com> wrote:
>
>I also looked in detail at the code for CasLoginHandler. I expected 
>that during the constructor call I would see
>
>setSupportsForceAuthentication()
>
>and
>
>setSupportsPassive()
>
>They are not invoked there but instead are invoked during login().
>Will that work? I would have thought that the IdP needs to know at the 
>time it creates the login handler whether or not it supports forced 
>reauthentication and isPassive. What am I missing?

I can't speak to that handler, but I can confirm that those do have to be
set at construction time, the IdP walks the handler list looking for one
that reports it can support it.

For the handlers in the IdP, it's controlled with an XML attribute in the
LoginHandler element.

-- Scott

--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net