Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: typo: configuation to configuration

...

The beans defined in authn/jaas-authn-config.xml follow:

Bean ID
Type
Default
Function
JAASConfigString%{idp.home}/conf/authn/jaas.configDefines a Spring Resource containing the JAAS config. Normally this just points to a file in the filesystem
shibboleth.authn.JAAS.JAASConfigURIjava.net.URIJAASConfig.URIDefines the URI object containing the JAAS configuration
shibboleth.authn.JAAS.LoginConfigNamesCollection<String>[ "ShibUserPassAuth" ]Simple list of JAAS application configuration names to use
shibboleth.authn.JAAS.LoginConfigurations 3.3Collection<Pair<String,Subject>>
 

Static list of JAAS application
configuation
configuration names along with mappings to custom Principals
shibboleth.authn.JAAS.LoginConfigStrategy 3.3Function (see above)
 

For advanced use, you can inject a function to supply at runtime the information that the previous bean would supply statically

V2 Compatibility

JAAS configuration is independent of the IdP and is therefore identical with the use of JAAS in the V2 UsernamePassword handler. By default this configuration is placed in authn/jaas.config and the legacy-matching "ShibUserPassAuth" login configuration name is used (though this can be changed).

...

However, while JAAS configuration in general is the same, the vt-ldap JAAS module supplied with V2 is not supported and has been superseded by the newer ldaptive library, which provides its own JAAS module. In addition to the module class being different, there are other differences in settings.

LDAP Module Configuration Comparison

This is not a comprehensive list, but it does include the most commonly used configuration arguments.

vt-ldapldaptivecomments
ldapUrl

ldapUrl


hostN/Ause ldapUrl
portN/Ause ldapUrl

timeout

connectTimeout


N/A

responseTimeout


baseDn

baseDn


base

N/Ause baseDn
tls

useStartTLS


ssl

useSSL


sslSocketFactorycredentialConfig

userField

N/Ause userFilter
userFilter

userFilter


subtreeSearch

subtreeSearch


authorizationFilter

N/A

constructDn

N/Ause dnResolver

allowMultipleDns

allowMultipleDns


bindDn

bindDn


serviceUser

N/Ause bindDn
bindCredential

bindCredential


serviceCredential

N/Ause bindCredential

dnResolver

dnResolver

userRoleAttribute

userRoleAttribute


Notes

TBD