[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[upki-fed:00411] カスタムAuthenticationMethodの挙動変更?
- Subject: [upki-fed:00411] カスタムAuthenticationMethodの挙動変更?
- Date: Fri, 11 Nov 2011 19:24:50 +0900
- From: Takeshi NISHIMURA <xxxxxxx@xxxxxxxxx>
西村です。
ちょっと気になるメールがありましたのでご紹介します。
ログインの方法に合わせてカスタムのAuthenticationMethodの値をセットする
という話で、IdP 2.3.3だか2.3.4だかで挙動が変更されたという話かと思われる
のですが、理解できていません。
この機能をお使いの方は次のアップデート時にご注意ください。
http://groups.google.com/group/shibboleth-dev/browse_thread/thread/aa1a1b0399ef88d9/d4f529a2523cce4f
https://issues.shibboleth.net/jira/browse/SIDP-519
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthRemoteUser
> Finally, you may also need to configure the Servlet with an
> "init" parameter in web.xml named authnMethod, set to a an
> authentication context/method/type value to return via SAML
> to the SP. By default, the value returned will be
> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.
> This is usually fine, but if you're doing something more
> advanced, it may need to be changed.
>
> Note that if you were to assign the login handler to multiple
> <AuthenticationMethod> values up front, you will potentially
> have a problem because the Servlet itself can only return one
> of them. This may work fine, but would break if you are
> supporting SAML 2.0 SPs that request particular methods. You
> will probably need a custom login handler or handlers in such cases.
--
西村健
国立情報学研究所 TEL:03-4212-2720