Shibboleth Developers

[Etienne Dysli <>]

On 15/04/11 21:26, Brent Putman wrote:
> This is discussed more extensively in the archives, but briefly:  The
> jaasConfigurationLocation attribute on the login handler just sets the
> value of the JVM-wide system property  java.security.auth.login.config,
> which is the JVM-wide config for the JAAS framework.  In can only point
> to one place, so you can't have different login handlers setting it to
> different values.  The last one that gets processed at configuration
> wiring time wins.

Thanks for the clarification.

In the meantime, I've found another possible explanation: the page
http://download.oracle.com/javase/1.5.0/docs/guide/security/jaas/tutorials/LoginConfigFile.html
(linked from
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass)
states (near the end) "If more than one login configuration file is
specified, then the files are read and concatenated into a single
configuration.". So config entry names should not be reused in other
files (MultiFactorAuth does use the same default jaasConfigName as
UsernamePasswordAuth). I've switched to another name and I can use both
login handlers in the same IdP.

Regards,
   Etienne

Attachment: signature.asc
Description: OpenPGP digital signature