authentication flow confusion

Richard Levenberg richardl at
Fri May 10 15:16:12 EDT 2019

In attempting to integrate a login system to Shibboleth I am running
into some confusion about how to achieve what I am trying to do.

According to the documentation:

"Within the IdP the act of authenticating the subject is performed by
the execution of an authentication flow. This is a flow definition that
contains all the steps for authenticating subjects (e.g., presenting a
form to collect credentials, validating those credentials, re-asking for
credentials if validation failed or proceeding if it passed)."

I was under the impression that if I could get a hold of the
AuthenticationResult and look at one of attemptedFlow, availableFlows,
potentialFlows or intermediateFlows I could reset with the current state
of the authentication to the step which presents the "form to collect

The form to collect credentials is a login.jsp in
edit-webapp/WEB-INF/jsp and is resolved by the SP at

The available flows are all authn/* with the attempted flow being
authn/Password (having implemented a ValidateUsernamePasswordAgainstFoo
and setting an alias)

Am I going about this the proper way and missing something or am I going
about this the wrong way?


More information about the users mailing list