apache2/idp kerberos RemoteUserInternal with Password flow fallback

Cantor, Scott cantor.2 at osu.edu
Fri May 29 09:38:35 EDT 2015

On 5/29/15, 5:34 AM, "users on behalf of Raffael Sahli" <users-bounces at shibboleth.net on behalf of sahli at gyselroth.com> wrote:
>"order in the descriptor list" means "idp.authn.flows = Password|RemoteUser" ?
>Or is there another way to order the flows?

Order in the general-authn config file where the beans are defined. The order in the property means nothing, that's a regular expression.

>With all configs I have tried, it always selects the authn/RemoteUser first.
>And I don't see any Password flow releated logs and no "ReselectFlow".

That isn't how it works, so I don't know what to tell you. If getRemoteUser doesn't return anything, that flow falls through to whatever else is available.

-- Scott

More information about the users mailing list