Shibboleth IDP Upgrade: v2 to v3 and Existing Login and Profile Handlers

Cantor, Scott cantor.2 at osu.edu
Tue Sep 11 19:43:29 EDT 2018


> * I've looked at using an extension of the
> AbstractUsernamePasswordValidationAction to utilize the default password
> login flow; however, it's unclear to me how to gain access to the "raw" HTTP
> request parameter map, via the ProfileRequestContext or
> AuthenticationContext

Inject the shibboleth.HttpServletRequest bean into your object,
p:httpServletRequest-ref="shibboleth.HttpServletRequest".
All action beans that inherit from our classes, including that base class, have a property for it predefined.

> * I looked into a v3 Profile Intercept; however, this doesn't appear to the
> mechanism to do this.

No, that's not authentication.

>  If the default "password" flow is
> configured, does one have access to the UsernamePassword sub context,
> accessible through the ProfileRequestContext?

External and Password are different, unrelated login flows, they don't compose. Password is for password validation with the IdP's UI to handle collecting it, and External is for "do whatever you want in a servlet" and you are responsible for the UI. Two different things.

-- Scott



More information about the users mailing list