Shibboleth Developers

[Etienne Dysli <>]

On 27/01/11 20:55, Fredrik Thulin wrote:
> What say you? All feedback welcome! Testers and collaborators even more so.

Hi Fredrik,

I've tried your module and it's nice. :) Here are some technical remarks.

> handler.xml :
>     <!-- Multi factor authentication login handler -->
>     <ph:LoginHandler xsi:type="ph:MultiFactorAuth"

Your patch says "ph:MultiFactor" but the right type is the one here
"ph:MultiFactorAuth".

> jaasConfigurationLocation="file:///local/shibboleth/idp/conf/login.config">

Again your patch gives a different file name ("mf-login.config"). In my
experience, this didn't work: the standard UsernamePassword LoginHandler
would load it too (why?) and try to validate an OTP without having one
(only 2 fields in the login form). I've worked around this by changing
the jaasConfigName so that UsernamePassword and MultiFactorAuth don't
use the same and having only one config file. Thus I have in login.config:

ShibUserPassAuth {
   edu.vt.middleware.ldap.jaas.LdapLoginModule required
      ...
};

ShibMultiFactorAuth {
   edu.vt.middleware.ldap.jaas.LdapLoginModule required
      ...

   com.yubico.jaas.YubikeyLoginModule required
      ...
};

>    /* second factor */
>    com.yubico.jaas.YubikeyLoginModule required
>       clientId="4711";

Am I supposed to use this clientId? (it works, but...) If not, how can I
get one?

Regards,
  Etienne

Attachment: signature.asc
Description: OpenPGP digital signature