...
First, modify web.xml (either the WEB-INF/web.xml file in the deployed war/idp.war file, or in shibboleth-identityprovider-2.3.8/src/main/webapp/WEB-INF/web.xml and then redeploy idp.war) by adding an <init-param> section as follows.
```xml
<!-- In WEB-INF/web.xml -->

<!-- Servlet for doing Username/Password authentication -->
<servlet>
    <servlet-name>UsernamePasswordAuthHandler</servlet-name>
    <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
    <init-param>
        <param-name>authnMethod</param-name>
        <param-value>http://id.incommon.org/assurance/silver</param-value>
    </init-param>
</servlet>
```
Then in conf/handler.xml (under the IdP installation directory), add a Silver assurance <AuthenticationMethod> to the UsernamePassword Handler as follows.
```xml
<!-- In conf/handler.xml -->

<!-- Username/password login handler -->
<ph:LoginHandler xsi:type="ph:UsernamePassword"
                 jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
    <ph:AuthenticationMethod>http://id.incommon.org/assurance/silver</ph:AuthenticationMethod>
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
</ph:LoginHandler>
```
...
First, modify web.xml by duplicating the unmodified Username/Password section, and then making modifications for Silver. Both sections are shown below for completeness.
```xml
<!-- In WEB-INF/web.xml -->

<!-- Servlet for doing Username/Password authentication -->
<servlet>
    <servlet-name>UsernamePasswordAuthHandler</servlet-name>
    <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>UsernamePasswordAuthHandler</servlet-name>
    <url-pattern>/Authn/UserPassword</url-pattern>
</servlet-mapping>

<!-- Servlet for doing Username/Password Silver authentication -->
<servlet>
    <servlet-name>UsernamePasswordSilverAuthHandler</servlet-name>
    <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
    <init-param>
        <param-name>authnMethod</param-name>
        <param-value>http://id.incommon.org/assurance/silver</param-value>
    </init-param>
</servlet>

<servlet-mapping>
    <servlet-name>UsernamePasswordSilverAuthHandler</servlet-name>
    <url-pattern>/Authn/UserPasswordSilver</url-pattern>
</servlet-mapping>
```
...
Then modify conf/handler.xml by duplicating the unmodified UsernamePassword <LoginHandler> section, and then making modifications for Silver. Both sections are shown below for completeness.
```xml
<!-- In conf/handler.xml -->

<!-- Username/password login handler -->
<ph:LoginHandler xsi:type="ph:UsernamePassword"
                 jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
</ph:LoginHandler>

<!-- Username/password Silver login handler -->
<ph:LoginHandler xsi:type="ph:UsernamePassword"
                 jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config"
                 authenticationServletURL="/Authn/UserPasswordSilver">
    <ph:AuthenticationMethod>http://id.incommon.org/assurance/silver</ph:AuthenticationMethod>
</ph:LoginHandler>
```
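A consistency check for the two files, added here as an example (it is not part of the original page or of the Shibboleth project): it verifies that each UsernamePassword handler in handler.xml points at a servlet path mapped in web.xml and declares the authnMethod that servlet sets. The default path `/Authn/UserPassword` for a handler without `authenticationServletURL` is an assumption, as are the function names and the condensed sample XML with its wrapper element and namespace declarations.

```python
import xml.etree.ElementTree as ET

SILVER = "http://id.incommon.org/assurance/silver"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
DEFAULT_URL = "/Authn/UserPassword"  # assumption: used when authenticationServletURL is absent

def find(elem, name):
    """Descendants by local name, so the check works with or without namespaces."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text(elem, name):
    hits = find(elem, name)
    return hits[0].text.strip() if hits else None

def servlet_methods(web_xml):
    """Map each url-pattern to its servlet's authnMethod init-param (None if unset)."""
    root, method = ET.fromstring(web_xml), {}
    for s in find(root, "servlet"):
        params = {text(p, "param-name"): text(p, "param-value") for p in find(s, "init-param")}
        method[text(s, "servlet-name")] = params.get("authnMethod")
    return {text(m, "url-pattern"): method.get(text(m, "servlet-name"))
            for m in find(root, "servlet-mapping")}

def check(web_xml, handler_xml):
    """List mismatches between UsernamePassword handlers and the servlets they use."""
    urls, problems = servlet_methods(web_xml), []
    for h in find(ET.fromstring(handler_xml), "LoginHandler"):
        if not h.get(XSI_TYPE, "").endswith("UsernamePassword"):
            continue  # only this handler type is checked
        url = h.get("authenticationServletURL", DEFAULT_URL)
        declared = [m.text.strip() for m in find(h, "AuthenticationMethod")]
        if url not in urls:
            problems.append(f"{url}: no servlet-mapping in web.xml")
        elif urls[url] and urls[url] not in declared:
            problems.append(f"{url}: servlet sets {urls[url]}, handler does not declare it")
    return problems

# Constructed sample input, condensed from the two-handler configuration above.
WEB_XML = f"""<web-app>
 <servlet><servlet-name>UsernamePasswordAuthHandler</servlet-name></servlet>
 <servlet-mapping><servlet-name>UsernamePasswordAuthHandler</servlet-name><url-pattern>/Authn/UserPassword</url-pattern></servlet-mapping>
 <servlet><servlet-name>UsernamePasswordSilverAuthHandler</servlet-name>
  <init-param><param-name>authnMethod</param-name><param-value>{SILVER}</param-value></init-param></servlet>
 <servlet-mapping><servlet-name>UsernamePasswordSilverAuthHandler</servlet-name><url-pattern>/Authn/UserPasswordSilver</url-pattern></servlet-mapping></web-app>"""
HANDLER_XML = f"""<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <ph:LoginHandler xsi:type="ph:UsernamePassword"><ph:AuthenticationMethod>{PPT}</ph:AuthenticationMethod></ph:LoginHandler>
 <ph:LoginHandler xsi:type="ph:UsernamePassword" authenticationServletURL="/Authn/UserPasswordSilver">
  <ph:AuthenticationMethod>{SILVER}</ph:AuthenticationMethod></ph:LoginHandler></ph:ProfileHandlerGroup>"""
```

`check(WEB_XML, HANDLER_XML)` returns an empty list when the two files agree; pass it the contents of the deployed WEB-INF/web.xml and conf/handler.xml after each edit.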
...