Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shib-Dev] [PATCH] Multi-factor authentication

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] [PATCH] Multi-factor authentication


Chronological Thread 
  • From: Etienne Dysli <>
  • To:
  • Subject: Re: [Shib-Dev] [PATCH] Multi-factor authentication
  • Date: Mon, 18 Apr 2011 14:53:24 +0200

On 15/04/11 21:26, Brent Putman wrote:
> This is discussed more extensively in the archives, but briefly: The
> jaasConfigurationLocation attribute on the login handler just sets the
> value of the JVM-wide system property java.security.auth.login.config,
> which is the JVM-wide config for the JAAS framework. In can only point
> to one place, so you can't have different login handlers setting it to
> different values. The last one that gets processed at configuration
> wiring time wins.

Thanks for the clarification.

In the meantime, I've found another possible explanation: the page
http://download.oracle.com/javase/1.5.0/docs/guide/security/jaas/tutorials/LoginConfigFile.html
(linked from
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass)
states (near the end) "If more than one login configuration file is
specified, then the files are read and concatenated into a single
configuration.". So config entry names should not be reused in other
files (MultiFactorAuth does use the same default jaasConfigName as
UsernamePasswordAuth). I've switched to another name and I can use both
login handlers in the same IdP.

Regards,
Etienne

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.16.

Top of Page