Shibboleth Identity Provider 3.2.1 custom authentication configuration

Raymond Gardner r.gardner at ntta.com
Fri Jul 8 12:42:49 EDT 2016


Hello Shibbers,

I'm trying to support a Service Provider which requires custom authentication.

For this SP configuration, I need to authenticate against 1 of 2 LDAP instances.

- If authentication against LDAP1 is successful, then the authentication flow ends successfully
- If LDAP1 fails, then I need to use the login username to query a database for a mapped username; call it usernamePrime
- Then, use usernamePrime to authenticate against LDAP2; if successful then authentication flow ends successfully

I looked into an "aggregateAuthenticator" configuration.  Here <https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration#LDAPAuthnConfiguration-AuthenticatorConfiguration> is some good wiki info.
I'm not having any luck getting this to work.  I need a searchDnResolver for LDAP1 but LDAP2 is an AD instance and it is not set up to support searching.
LDAP2 requires a direct bind using the usernamePrime.  (I don't administer this AD server.  I'm trying to work with it as is.)

I'm hoping I can find some direction on a good approach to follow.

To do the database lookup, I was thinking of using a custom bean similar to the trim and lowercase beans already provided.
There is a transform bean, shibboleth.authn.Password.Transforms, but that is for regular expressions.  I need one of these to do a database lookup.

Thanks,
Raymond
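
The three-step flow described in the message above, modeled as an added example that is not part of the original post and is not Shibboleth or ldaptive code. The `user_map` table, the bind callables and all account data are constructed assumptions; the two directories are in-memory stand-ins so the logic runs offline.

```python
import sqlite3
from typing import Callable, Optional

# A bind callable returns True only when the directory accepts the credentials.
Bind = Callable[[str, str], bool]

def lookup_username_prime(db: sqlite3.Connection, username: str) -> Optional[str]:
    """Map the login username to usernamePrime (hypothetical table user_map)."""
    # Bound parameter: the login name is attacker-controlled input.
    row = db.execute(
        "SELECT username_prime FROM user_map WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

def authenticate(username: str, password: str, ldap1: Bind, ldap2: Bind,
                 db: sqlite3.Connection) -> Optional[tuple]:
    """Return (directory, principal) on success, None on failure."""
    # An empty password turns a simple bind into an unauthenticated bind
    # (RFC 4513 section 5.1.2), which many servers accept; reject it up front.
    if not username or not password:
        return None
    if ldap1(username, password):                 # step 1: LDAP1, login name
        return ("ldap1", username)
    prime = lookup_username_prime(db, username)   # step 2: database mapping
    if prime is None:
        return None
    if ldap2(prime, password):                    # step 3: direct bind, LDAP2
        return ("ldap2", prime)
    return None

def make_directory(accounts: dict) -> Bind:
    """Constructed in-memory stand-in for an LDAP bind."""
    return lambda user, pw: accounts.get(user) == pw

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_map (username TEXT PRIMARY KEY, username_prime TEXT)")
    db.execute("INSERT INTO user_map VALUES ('bob', 'robert.b')")
    ldap1 = make_directory({"alice": "a-secret"})      # constructed accounts
    ldap2 = make_directory({"robert.b": "b-secret"})
    return [
        authenticate("alice", "a-secret", ldap1, ldap2, db),
        authenticate("bob", "b-secret", ldap1, ldap2, db),
        authenticate("bob", "wrong", ldap1, ldap2, db),
        authenticate("x' OR '1'='1", "b-secret", ldap1, ldap2, db),
        authenticate("bob", "", ldap1, ldap2, db),
    ]
```

The returned principal records which name was actually verified, so later attribute resolution can tell a login proven against LDAP1 from one proven as usernamePrime against LDAP2.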

