...

First, modify web.xml (either WEB-INF/web.xml in the deployed war/idp.war file, or shibboleth-identityprovider-2.3.8/src/main/webapp/WEB-INF/web.xml followed by a redeploy of idp.war) by adding an <init-param> section as follows.

<!-- In WEB-INF/web.xml -->
 
    <!-- Servlet for doing Username/Password authentication -->
    <servlet>
        <servlet-name>UsernamePasswordAuthHandler</servlet-name>
        <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
        <load-on-startup>3</load-on-startup>
        <init-param>
            <param-name>authnMethod</param-name>
            <param-value>http://id.incommon.org/assurance/silver</param-value>
        </init-param>
    </servlet>

Then in conf/handler.xml (under the IdP installation directory), add a Silver assurance <AuthenticationMethod> to the UsernamePassword Handler as follows.

<!-- In conf/handler.xml -->

    <!--  Username/password login handler -->
    <ph:LoginHandler xsi:type="ph:UsernamePassword"
                     jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
        <ph:AuthenticationMethod>http://id.incommon.org/assurance/silver</ph:AuthenticationMethod>
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler>

...

First, modify web.xml by duplicating the unmodified Username/Password section, and then making modifications for Silver. Both sections are shown below for completeness.

<!-- In WEB-INF/web.xml -->

    <!-- Servlet for doing Username/Password authentication -->
    <servlet>
        <servlet-name>UsernamePasswordAuthHandler</servlet-name>
        <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
        <load-on-startup>3</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>UsernamePasswordAuthHandler</servlet-name>
        <url-pattern>/Authn/UserPassword</url-pattern>
    </servlet-mapping>

    <!-- Servlet for doing Username/Password Silver authentication -->
    <servlet>
        <servlet-name>UsernamePasswordSilverAuthHandler</servlet-name>
        <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
        <load-on-startup>3</load-on-startup>
        <init-param>
          <param-name>authnMethod</param-name>
          <param-value>http://id.incommon.org/assurance/silver</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>UsernamePasswordSilverAuthHandler</servlet-name>
        <url-pattern>/Authn/UserPasswordSilver</url-pattern>
    </servlet-mapping>

...

Then modify conf/handler.xml by duplicating the unmodified UsernamePassword <LoginHandler> section, and then making modifications for Silver. Both sections are shown below for completeness.

<!-- In conf/handler.xml -->

    <!--  Username/password login handler -->
    <ph:LoginHandler xsi:type="ph:UsernamePassword"
                     jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler>

    <!--  Username/password Silver login handler -->
    <ph:LoginHandler xsi:type="ph:UsernamePassword"
                     jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config"
                     authenticationServletURL="/Authn/UserPasswordSilver">
        <ph:AuthenticationMethod>http://id.incommon.org/assurance/silver</ph:AuthenticationMethod>
    </ph:LoginHandler>

In the new section above, a new attribute, authenticationServletURL, was added to match the <url-pattern> entry in web.xml. The <AuthenticationMethod> was also changed to Silver to match the <init-param> section in web.xml.

...