The Shibboleth IdP V4 software will leave support on September 1, 2024.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Current File(s): conf/authn/password-authn-config.xml

Format: Native Spring

Overview

This CredentialValidator back-end for the password authentication login flow allows the use of username/password flat files produced by the Apache Web Server htpasswd utility. It is primarily for testing and demonstration scenarios.

The implementation supports all of the non-plaintext formats supported by the utility, though only the salted MD5 variant is considered (reasonably) secure.

General Configuration

Using this back-end requires defining a validator based on shibboleth.HTPasswdCredentialValidator in the shibboleth.authn.Password.Validators bean.

In the simple case of a single back-end:

Defining use of htpasswd file in password-authn-config.xml
<util:list id="shibboleth.authn.Password.Validators">
    <bean parent="shibboleth.HTPasswdCredentialValidator" p:resource="%{idp.home}/conf/authn/htpasswd.txt" />
</util:list>

Refer to the HTPasswdCredentialValidator javadoc for a complete summary of options.

If the supplied resource is a file, the software will monitor the file for changes and reload it automatically. If the resource is not a file, the records are loaded only at startup.

  • No labels