Shibboleth IDP Upgrade: v2 to v3 and Existing Login and Profile Handlers

Jeremy Torres jeremy.torres at
Tue Sep 11 18:19:47 EDT 2018

Hello All,

I'm attempting to upgrade Shibboleth IDP version 2.4.3 to version 3.3.3.
I've read through the Shibboleth IDP v3 docs and have some questions on how
to implement the existing v2 handlers within the v3 framework.

*Convert v2 SSOProfileHandler*
I have an extension of the v2 SSOProfileHandler that implements
performAuthentication() method and processes a query parameter and sets a
corresponding value into the HTTP session.  Upon
completeAuthenticationRequest() method, the value is removed from the
session.  The session variable is used by an External Authentication
Servlet to perform authentication.

* I've looked at using an extension of the
AbstractUsernamePasswordValidationAction to utilize the default password
login flow; however, it's unclear to me how to gain access to the "raw"
HTTP request parameter map, via the ProfileRequestContext or

* I looked into a v3 Profile Intercept; however, this doesn't appear to the
mechanism to do this.

*Convert v2 External Authentication Servlet*
I've been able to convert the majority of the v2 code; however, I need to
access the password, and the ExternalAuthentication (
does not seem to provide access.  If the default "password" flow is
configured, does one have access to the UsernamePassword sub context,
accessible through the ProfileRequestContext?

Any suggestions would be greatly appreciated!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list