V4 LDAP Authentication

Cantor, Scott cantor.2 at osu.edu
Mon Jul 6 14:20:10 UTC 2020

On 7/6/20, 10:08 AM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:

> As far as how the code itself behaves within a single link of a chain, if it no longer handles particular settings or
> approaches, that's a bug or an issue to be documented. If it supported multiple URLs in a given LdapAuthenticator
> before, it should now.

Except that I'm fairly certain all the advanced examples in the page are no longer complete, and that's probably what you're trying to do. All of that needs to be updated, but Daniel would have to do that.

The general approach is that if you want to do very advanced things, you have to define your own bean inheriting from  shibboleth.LDAPAuthenticationFactory and you need to inject the result into the LDAPCredentialValidator via p:authenticator-ref="..."

The examples are probably not that far off apart from not showing that, along with not using the parent. The Aggregate DN Resolver example is building a bean called aggregateAuthenticator that is, I think, the top-level object needed to inject into the validator(s) in the chain.

-- Scott

More information about the users mailing list