Shibboleth IdP v3.2.1 & LDAP+AD Authentication

Daniel Fisher dfisher at vt.edu
Tue May 31 15:47:41 EDT 2016


On Tue, May 31, 2016 at 1:34 PM, Michael A Grady <mgrady at unicon.net> wrote:

> But once you have to start replicating all that config, the advantage
> versus just going back to using JAAS to configure the multiple sources gets
> unclear. The JAAS config is simpler, but perhaps doesn't get you all the
> same account state options -- if you are going to use those. And it sounds
> like the JAAS options are going to get more flexible with 3.3 when it
> becomes available.
>

One advantage is performance. JAAS failover attempts DN resolution and
authentication against each directory in sequence (probably without
connection pooling). The AggregateDnResolver attempts DN resolution
concurrently, followed by a single authentication attempt (probably with
connection pooling). The configuration is certainly more complex, but
wiring together disparate directories isn't a simple thing.

--Daniel Fisher