...
A few beans are defined in authn/jaas-authn-config.xml to configure this back-end by identifying the JAAS configuration file and JAAS application name(s) to use.
A bean alias is also defined that instantiates the JAAS back-end action as the "ValidateUsernamePassword" step of the web flow. This must not be changed.
JAAS Configuration
JAAS has its own configuration format (see here). By default, the configuration used is called "ShibUserPassAuth". This can be changed using theĀ shibboleth.authn.JAAS.LoginConfigNames, or turned into a list of more than one configuration, with each one tried in series until a success. This is equivalent to the JAAS keyword "sufficient". Using separate configurations allows errors to be isolated per-module instead of masked by generic JAAS exceptions.
...