How to /Authn/RemoteUser with IdP 3.0

Kathy E. Wright kewrig at
Wed May 27 21:04:09 EDT 2015

Thank you Scott.

I commented out  idp.authn.flows.initial=RemoteUser and the config works


---------- Forwarded message ----------
From: Cantor, Scott <cantor.2 at>
Date: Wed, May 27, 2015 at 8:54 PM
Subject: Re: How to /Authn/RemoteUser with IdP 3.0
To: Shib Users <users at>
Cc: Mark Mercado <mamercad at>, Barry Johnson <cyclist at>

On 5/28/15, 12:36 AM, "Kathy E. Wright" <kewrig at> wrote:

>Our config contained trailing spaces after "RemoteUser" in
>* idp.authn.flows=RemoteUser
>* idp.authn.flows.initial=RemoteUser

You should probably not set idp.authn.flows.initial.

>Extra white spaces are not trimmed from values entered into

They can't be, we don't know that every possible property ever supported
would be safe to trim (we don't even control what they are, people can add
anything they want).

The feedback from the first installation workshop was that spaces are
tripping people up, so we have to add trimming to the places the
properties are actually used where it's appropriate.

And I think do better logging of situations where a configured value isn't
matching something, that should be a strong error.

-- Scott

To unsubscribe from this list send an email to
users-unsubscribe at


Infrastructure & Ops
CCIT, 340 Computer Court
Anderson, SC 29625
kewrig at
(864) 656-8133
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list