Configuring Multiple Login Handlers

From GFIPM Implementation Wiki
Revision as of 19:02, 11 July 2011 by Jeff.Krug (Talk | contribs)


Some Identity Providers may support multiple login methods (for example, username/password and certificates). The following briefly describes how to support multiple login methods and default to a specific one.

Shibboleth User Authentication describes how to configure user authentication, and this must be done for each login handler.

Once both login handlers are configured properly and working (typically you will want only a single login handler active while testing and debugging it), you then need to specify a default handler within the relying party file. Shibboleth's Relying Party Configuration Page provides a comprehensive discussion of how to do this. For most GFIPM-style IDP deployments this takes the form of simply adding one additional attribute, defaultAuthenticationMethod, to the DefaultRelyingParty element within the relying-party.xml configuration file:

      <DefaultRelyingParty provider="GFIPM:IDP:EntityId"
                           defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
                           defaultSigningCredentialRef="IdPCredential">
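
The default only takes effect if its URI matches an authentication method declared by one of the configured login handlers. The following check is an added example, not part of the original wiki page or of Shibboleth itself; it assumes the login handlers are declared as LoginHandler elements with AuthenticationMethod children (the IdP 2.x handler.xml layout), and both XML samples, including the X509 handler, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (assumed IdP 2.x layout), not from a real deployment.
HANDLER_XML = """<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ph:LoginHandler xsi:type="ph:RemoteUser">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</ph:AuthenticationMethod>
  </ph:LoginHandler>
  <ph:LoginHandler xsi:type="ph:UsernamePassword">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
  </ph:LoginHandler>
</ph:ProfileHandlerGroup>"""
RELYING_PARTY_XML = """<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party">
  <rp:DefaultRelyingParty provider="GFIPM:IDP:EntityId"
      defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
      defaultSigningCredentialRef="IdPCredential"/>
</rp:RelyingPartyGroup>"""
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def local(tag):
    # Strip the "{namespace}" prefix ElementTree puts on tag names.
    return tag.rsplit("}", 1)[-1]

def handler_methods(handler_xml):
    """Map each declared authentication method URI to its login handler type."""
    methods = {}
    for el in ET.fromstring(handler_xml).iter():
        if local(el.tag) != "LoginHandler":
            continue
        for child in el:
            if local(child.tag) == "AuthenticationMethod" and child.text:
                methods[child.text.strip()] = el.get(XSI_TYPE, "unknown")
    return methods

def check_default(relying_party_xml, handler_xml):
    """Return (ok, message) for the DefaultRelyingParty default method."""
    methods = handler_methods(handler_xml)
    for el in ET.fromstring(relying_party_xml).iter():
        if local(el.tag) == "DefaultRelyingParty":
            default = el.get("defaultAuthenticationMethod")
            if default is None:
                return False, "no defaultAuthenticationMethod set"
            if default not in methods:
                return False, "default %s is not declared by any login handler" % default
            return True, "default handled by %s" % methods[default]
    return False, "no DefaultRelyingParty element found"

if __name__ == "__main__":
    print(check_default(RELYING_PARTY_XML, HANDLER_XML))
```

To run it against a deployment, pass the contents of the real configuration files to check_default in place of the constructed strings.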

