Authn Error - IdP v3

Cantor, Scott cantor.2 at
Tue May 10 13:40:57 EDT 2016

> When I follow X509 initial authn with RemoteUser, I don't get prompted and
> the user identity is pulled from the session as expected. However, when I
> follow X509 with Password (jaas), it prompts me with the login page. Is this
> behavior expected or should it extract the user identity in both cases?

If it prompts you, then the request stipulated a custom Principal requirement that the use of the X.509 login method didn't satisfy, and if it doesn't, then the request was already satisfied by reuse of the X.509 result. The session has nothing much to do with it.

I cannot emphasize enough: do not use the initial-authn feature. Just don't. Ignore it.
-- Scott

More information about the users mailing list