HTPasswdAuthnConfiguration

The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

Current File(s): conf/authn/password-authn-config.xml
Format: Native Spring

Overview

This CredentialValidator back-end for the password authentication login flow allows the use of username/password flat files produced by the Apache Web Server htpasswd utility. It is primarily for testing and demonstration scenarios.

The implementation supports all of the non-plaintext formats supported by the utility, though only the salted MD5 variant is considered (reasonably) secure.
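An added example, not part of the Shibboleth documentation or code: a small Python audit that classifies each record of an htpasswd file by the shape of its hash field and reports every record that is not in the salted MD5 ($apr1$) form. The patterns follow the Apache htpasswd formats; the sample file is constructed, the 13-character crypt match is a heuristic, and bcrypt records are reported for review because this page does not mention them.

```python
import re

B64 = r"[./0-9A-Za-z]"
# Checked in order; the first pattern that matches names the scheme.
SCHEMES = [
    ("apr1-md5", re.compile(rf"^\$apr1\${B64}{{1,8}}\${B64}{{22}}$")),
    ("bcrypt", re.compile(rf"^\$2[aby]\$\d\d\${B64}{{53}}$")),
    ("sha1-unsalted", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    ("des-crypt", re.compile(rf"^{B64}{{13}}$")),  # a 13-char plaintext looks the same
]


def classify(field):
    """Return the scheme name for the hash field of one htpasswd record."""
    for name, pattern in SCHEMES:
        if pattern.match(field):
            return name
    return "plaintext-or-unknown"


def audit(text):
    """Return (line_no, user, scheme) for every record that is not salted MD5."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no record
        user, sep, field = line.partition(":")
        scheme = classify(field) if sep and user else "malformed"
        if scheme != "apr1-md5":
            findings.append((n, user, scheme))
    return findings


# Constructed sample file: the hash values only have the right shape, none is a real hash.
SAMPLE = "\n".join([
    "# test accounts",
    "alice:$apr1$saltsalt$" + "A" * 22,
    "bob:{SHA}" + "A" * 27 + "=",
    "carol:ab" + "C" * 11,
    "dave:$2y$05$" + "B" * 53,
    "erin:hunter2",
    "no-colon-here",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```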

General Configuration

Using this back-end requires defining a validator based on shibboleth.HTPasswdCredentialValidator in the shibboleth.authn.Password.Validators bean.

In the simple case of a single back-end:

Defining use of htpasswd file in password-authn-config.xml
<util:list id="shibboleth.authn.Password.Validators">
    <bean parent="shibboleth.HTPasswdCredentialValidator"
          p:resource="%{idp.home}/conf/authn/htpasswd.txt" />
</util:list>

Refer to the HTPasswdCredentialValidator javadoc for a complete summary of options.

If the supplied resource is a file, the software will monitor the file for changes and reload it automatically. If the resource is not a file, the records are loaded only at startup.
