Current File(s): conf/authn/password-authn-config.xml

Format: Native Spring

Overview

This CredentialValidator back-end for the password authentication login flow allows the use of username/password flat files produced by the Apache Web Server htpasswd utility. It is primarily for testing and demonstration scenarios.

The implementation supports all of the non-plaintext formats supported by the utility, though only the salted MD5 variant is considered (reasonably) secure.

General Configuration

Using this back-end requires defining a validator based on shibboleth.HTPasswdCredentialValidator in the shibboleth.authn.Password.Validators bean.

In the simple case of a single back-end:

...

Defining use of htpasswd file in password-authn-config.xml
<util:list id="shibboleth.authn.Password.Validators">
    <bean parent="shibboleth.HTPasswdCredentialValidator" p:resource="%{idp.home}/conf/authn/htpasswd.txt" />
</util:list>

Refer to the HTPasswdCredentialValidator javadoc for a complete summary of options.

If the supplied resource is a file, the software will monitor the file for changes and reload it automatically. If the resource is not a file, the records are loaded only at startup.
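
An added example, not part of the Shibboleth documentation or code: a Python audit that classifies each record of an htpasswd file by hash format, so that entries not in the salted MD5 form singled out in the Overview can be found before the file is put in place. The format labels, function names and sample records are assumptions constructed for illustration; the audit also reports users whose unsalted {SHA} values are identical, which exposes shared passwords to anyone who can read the file.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Hash layouts written by htpasswd; the labels are this example's own wording.
FORMATS = [
    ("salted-md5", re.compile(r"^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")),
    ("sha1-unsalted", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    ("des-crypt", re.compile(r"^[./0-9A-Za-z]{13}$")),
]

def classify(hashed):
    """Label one hash field; a 13-character plaintext would also match des-crypt."""
    for label, pattern in FORMATS:
        if pattern.match(hashed):
            return label
    return "unrecognized"  # plaintext, or a scheme this page does not discuss

def audit(text):
    """Return (findings, shared): per-line labels and users sharing a {SHA} value."""
    findings, by_sha = [], defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        user, sep, hashed = line.partition(":")
        if not sep or not user:
            findings.append((lineno, user, "malformed"))
            continue
        label = classify(hashed)
        findings.append((lineno, user, label))
        if label == "sha1-unsalted":
            by_sha[hashed].append(user)  # no salt: same password, same record
    return findings, [users for users in by_sha.values() if len(users) > 1]

def sha_record(user, password):
    """Build a {SHA} record: base64 of the raw SHA-1 digest of the password."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# Constructed sample file; the apr1 value is a placeholder, not a real hash.
SAMPLE = "\n".join([
    "alice:$apr1$Zx8Qw1Lp$" + "A" * 22,
    sha_record("bob", "demo-pass"), sha_record("carol", "demo-pass"),
    "dave:abJnggxhB/yWI", "erin:hunter2", "no-colon-line",
])

if __name__ == "__main__":
    findings, shared = audit(SAMPLE)
    for lineno, user, label in findings:
        print(f"line {lineno}: {user}: {label}")
    print("identical {SHA} values:", shared)
```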