Shibboleth Developers

[Paul Hethmon <>]

Title: Principals in Session

A couple of months ago we had a thread here about storing a custom Principal in the session:

http://groups.google.com/group/shibboleth-dev/browse_thread/thread/a79b66fba144a071/a77ce1c16144f958?lnk=gst&q=data+connector#a77ce1c16144f958

I’ve pretty much got that working. Inside my login handler/servlet, I have my own Principal class that I give to the authentication engine once auth is complete. Then inside of my custom data connector, I pull out that Principal and resolve the attributes stored during the authentication sequence.

In the last couple of days, I’ve started working on getting this set up in a Terracotta clustered environment. Using TC 3.4.0.

Here’s the problem I’m running into. During the initial authentication, I get my Principal object. During a previous session authentication, I’m getting a Shib Principal object instead.

What I’m thinking is happening here is because of how I “changed” the authentication engine code to only store a single Principal (instead of multiple). That thought has just come up as I’m writing this. So, without my changes, would the previous session handler create a new Principal object and store it in the session? Even though the principal name is the same?

thanks,

Paul