defining custom password validator in 3.2.0?
Jeffrey Eaton
jeaton at cmu.edu
Mon Dec 14 14:34:25 EST 2015
> On Dec 14, 2015, at 1:54 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
> On 12/14/15, 1:48 PM, "users on behalf of Jeffrey Eaton" <users-bounces at shibboleth.net on behalf of jeaton at cmu.edu> wrote:
>
>
>
>> I have had to develop a custom password authentication validation routine for my Shibboleth 3.2.0 server.
>
> I'm not sure that's possible without copying the flow, given the design. It might be, but it wasn't anything I tested. JAAS was the established way to do that.
The problem I have to solve is more just around the logging of precisely when, and how, a password gets successfully validated or not. It's all to please the security folks for their auditing purposes.
>
>> which looks to me like it didn't properly load my bean definition.
>
> No, the problem is the flow definition and how it calls that step. You would have to create an alias.
>
> <alias name="MyActionBeanName" alias="ValidateUsernamePassword"/>
>
> That's already done to control which of the three backends is used now. I guess if that works, then it's more or less accomodated and needs to be documented.
>
> -- Scott
>
I do have that defined. In conf/authn/password-authn-config.xml I do:
<import resource="cmujaas-authn-config.xml" />
And then in conf/auth/cmujaas-authn-config.xml I ha
<alias name="CMUValidateUsernamePasswordAgainstJAAS" alias="ValidateUsernamePassword"/>
I wonder if I can just define the bean in there. I'll try that.
-jeaton
More information about the users
mailing list