1 Reply Latest reply: Aug 25, 2014 8:09 AM by Faisal Khan RSS

    Problem with custom authenticator in conjunction with SAML Authenticator

    Sascha Herrmann



      I have a problem with using my own authentication provider in conjunction with a SAML authenticator.


      The docs say:


      .. if another authentication provider (e.g., the default LDAP Authentication provider) is configured before it and its JAAS Control Flag set is set to SUFFICIENT, then the user name returned by the SAML Identity Assertion provider is validated by the other authentication provider.

      If you want groups from a SAML assertion, you must configure the SAML Authentication provider even if you want the LDAP Authentication provider to verify the user's existence.

      So it should be possible to have a second authentication provider besides the SAML Authentication provider.

      It seems I cannot manage to do that. I created my own authenticator with a login module. In the realm, I configured it before the standard SAML authenticator (which is set to SUFFICIENT). No matter what I set as flag for my own authenticator, it is just not invoked in a SAML2 scenario. It is completely ignored.

      When I login to the console though, I see that my login module is invoked. So the MBean works.

      I am clearly doing something wrong but what?