How to configure multiple RemoteUser Auth URLs on IDP v3 ?

Losen, Stephen C. (scl) scl at
Thu Apr 21 09:33:03 EDT 2016

Hi Scott,

I definitely need this functionality, so a patch for 3.2 would be great. How do I file a request for enhancement for 3.3?


Stephen C. Losen
ITS - Systems and Storage
University of Virginia
scl at    434-924-0640

-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Wednesday, April 20, 2016 10:50 PM
To: Shib Users
Subject: Re: How to configure multiple RemoteUser Auth URLs on IDP v3 ?

On 4/20/16, 6:55 PM, "Cantor, Scott" <cantor.2 at> wrote:

>>Here is how I set up "enhanced" login on IDP v2 in handler.xml
>There is no direct equivalent, and it isn't really something you can do easily without learning at least some minimal Spring Web Flow to be able to copy and adapt the existing flows. It's mostly cut and paste more than really learning it, but it isn't trivial.

I should note, there are some ways to support this general scenario, but it was with the Password flow + JAAS, not RemoteUser. I designed in a ton of flexibility for combining JAAS methods into one flow, including use of different AuthnContextClassRefs to trigger them, because that's what I used to use.

I don't use RemoteUser, so I didn't spend the time designing in that flexibility there, but I probably could cook something up in 3.3 if you file a request for it. What's probably needed is a map of different RemoteUser endpoints with custom Principal sets, so the flow can dispatch to the right one based on the request.

I could probably knock something out that would be fairly easy to slap on top of 3.2 and check it in within a week or two. You're not the first to ask about it, so it's obviously in demand.

-- Scott
