ADFS + Shib 2 Idp + CAS

Cantor, Scott cantor.2 at
Fri May 1 15:24:52 EDT 2015

On 5/1/15, 2:14 PM, "seth underhill" <seth.underhill at> wrote:

>I am not sure why this is so. Does the CAS authentication filter use
>PasswordProtectedTransport no matter what I would specify in my RemoteUser
>filter in handler.xml?

What causes a particular handler to run (that's in handler.xml) and what a handler is actually coded to return (very dependent on the handler) are actually separate things.

The built-in handlers are not designed to deal with multiple login methods in handler.xml at the same time because they only know how to return a single one. You can get the IdP to run them, but then they'll just fail when the mismatch is picked up. Usually I guess people just don't notice because the SP doesn't care and doesn't ask for anything, so whatever comes back just works.

The RemoteUser handler will return the context class that's set in a servlet init parameter (authenticationMethod) or it will just return the PPT context by default. You can tell it to return Microsoft's and risk breaking anything that asks for PPT, basically.

The only way you can handle both at the same time is with two copies of the handler configured at different locations and with different method configurations.

-- Scott

More information about the users mailing list