ADFS + Shib 2 Idp + CAS

Cantor, Scott cantor.2 at
Fri May 1 17:19:49 EDT 2015

On 5/1/15, 4:55 PM, "seth underhill" <seth.underhill at> wrote:

>Would that mean the example for ADFS V2 here:
>is wrong in showing multiple <AuthenticationMethod>s in the UsernamePassword

Incomplete or imperfect at least.

>I thought I would use two different types of handlers for this scenario
>instead of two of the same, so I tried setting the IdP to respond to the
>Microsoft password method in the UsernamePassword handler in my IdP instead
>of in RemoteUser:

That's up to you, but that means no CAS obviously.

>but I still get the same error if I go ADFS -> Shib IdP ->
>https://myidp/idp/Authn/UserPassword after
>the a successful auth comes back from the ldap.

That handler also returns PPT by default. Basically all of them do.

>So is it not possible for me to set the MS method in the servlet init
>parameter even if it is the only one for a given handler?

It's possible, but you didn't set that parameter in web.xml, at least based on the log.

-- Scott

More information about the users mailing list