ADFS + Shib 2 Idp + CAS

seth underhill seth.underhill at
Fri May 1 17:32:11 EDT 2015

Thanks for the reply Scott.

The only time that MS auth method comes through is when students are coming into the Shib IdP from ADFS via the Office Mobile App.

Interestingly the CAS config still works with logins into O365 (I assume that O365 doesn't require an authentication method).

Given what you have explained I will modify web.xml thus:

    <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>

Hopefully that will get me to where I need to be.

Thanks again.


From: Cantor, Scott E. [via Shibboleth] [mailto:ml-node+s1660669n7614500h70 at]
Sent: Friday, May 01, 2015 4:20 PM
To: Underhill, Seth T
Subject: Re: ADFS + Shib 2 Idp + CAS

On 5/1/15, 4:55 PM, "seth underhill" <[hidden email]> wrote:

>Would that mean the example for ADFS V2 here:
>is wrong in showing multiple <AuthenticationMethod>s in the UsernamePassword

Incomplete or imperfect at least.

>I thought I would use two different types of handlers for this scenario
>instead of two of the same, so I tried setting the IdP to respond to the
>Microsoft password method in the UsernamePassword handler in my IdP instead
>of in RemoteUser:

That's up to you, but that means no CAS obviously.

>but I still get the same error if I go ADFS -> Shib IdP ->
>https://myidp/idp/Authn/UserPassword after
>a successful auth comes back from the ldap.

That handler also returns PPT by default. Basically all of them do.

>So is it not possible for me to set the MS method in the servlet init
>parameter even if it is the only one for a given handler?

It's possible, but you didn't set that parameter in web.xml, at least based on the log.

-- Scott

Sent from the Shibboleth - Users mailing list archive at