Why is Password flow selecting Basic Authentication
Cantor, Scott
cantor.2 at osu.edu
Thu Mar 29 09:58:10 EDT 2018
> What would cause my idp 3.2 to default to basic authentication for all SP's?
The Password login flow always supports basic authentication if it sees the header and will never challenge the client itself, which is why there is no reason to do what you're doing unless you have an ECP client that doesn't just volunteer the credentials.
> 2018-03-29 09:30:57,303 - DEBUG
> [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:11
> 5] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate
> Authorization header found
DEBUG is not ERROR. There's nothing wrong there.
> I have since disabled the Apache location for ECP - shouldn't really matter,
> looks like Shib is selecting remote user from the container as the
> authentication flow?
Not if you don't enable that login flow.
-- Scott
More information about the users
mailing list