Authentication Fail-over

Joel Levin joel.aaron.levin at gmail.com
Sat Apr 30 18:00:10 EDT 2016


Thanks Nate.

It's my first go with JAAS - reading passage below from -
https://wiki.shibboleth.net/confluence/display/IDP30/JAASAuthnConfiguration
- does it mean that JAAS is not recommended for Shibboleth server-side?
Thanks.

"The JAAS (Java Authentication and Authorization Service) is a desktop
authentication mechanism in Java that has been commonly misappropriated as
a server-side technology. A variety of "login module" plugins exist for
different password-based technologies. Support is provided for using JAAS
as a back-end for the password authentication login flow."

On Sat, Apr 30, 2016 at 12:49 AM, Nate Klingenstein <ndk at sudonym.me> wrote:

> Joel,
>
> I think it would be easiest to accomplish this entire in JAAS.  It has the
> sufficiency and fallback capabilities that you’re looking for largely
> built-in.  Only if you want or need to interact further with the user would
> I try to do anything in the IdP itself.
>
> Taking the late train,
> Nate.
>
> > On Apr 29, 2016, at 18:05, Joel Levin <joel.aaron.levin at gmail.com>
> wrote:
> >
> > Hi List:
> >
> > Is it possible to configure authentication such that -- if JAAS
> authenticationfails - authentication is via LDAP?
> >
> > Rationale: As accounts are create first in the DB versus LDAP - we wish
> to authenticate against the DB - but if DB is down - there can be
> fail-over to LDAP.
> >
> > Thanks
> > --
> > To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160430/a95fb87a/attachment.html>


More information about the users mailing list