HTPasswdAuthnConfiguration
Current File(s): conf/authn/password-authn-config.xml
Format: Native Spring
Overview
This CredentialValidator back-end for the password authentication login flow allows the use of username/password flat files produced by the Apache Web Server htpasswd utility. It is primarily for testing and demonstration scenarios.
The implementation supports most (but not all) of the non-plaintext formats supported by the utility, including MD5, SHA-256 and SHA-512. Even for testing and demonstration, you should use the strongest format your system supports. Refer to the org.apache.commons.codec.digest.Crypt javadoc for more details.
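To act on the advice about format strength, the following added example (not part of the Shibboleth code base) audits an htpasswd file and reports every record that does not use a SHA-2 crypt hash. The scheme prefixes are the standard htpasswd/crypt(3) markers; the function names, the rating policy and the sample records are assumptions made for illustration.

```python
import string

# Characters crypt(3) uses in traditional DES hashes.
DES_CHARS = set(string.ascii_letters + string.digits + "./")

# Prefix -> (scheme, rating). Ratings are this example's own policy (assumption).
SCHEMES = [
    ("$6$", "SHA-512 crypt", "ok"),
    ("$5$", "SHA-256 crypt", "ok"),
    ("$apr1$", "Apache MD5", "weak"),
    ("$1$", "MD5 crypt", "weak"),
    ("{SHA}", "unsalted SHA-1", "weak"),
    ("$2y$", "bcrypt", "unlisted"),  # not among the formats the page names
]

def classify(hash_field):
    """Return (scheme, rating) for the hash part of one htpasswd record."""
    for prefix, name, rating in SCHEMES:
        if hash_field.startswith(prefix):
            return name, rating
    if len(hash_field) == 13 and set(hash_field) <= DES_CHARS:
        return "DES crypt", "weak"  # heuristic: 13-char plaintext looks the same
    return "plaintext or unknown", "reject"

def audit(text):
    """Return (line number, user, scheme, rating) for every record not rated ok."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        user, sep, hash_field = line.partition(":")
        if not (sep and user and hash_field):
            findings.append((lineno, user or "?", "malformed record", "reject"))
            continue
        name, rating = classify(hash_field)
        if rating != "ok":
            findings.append((lineno, user, name, rating))
    return findings

# Constructed records; the hash bodies are placeholders, not real digests.
SAMPLE = "\n".join([
    "# test accounts",
    "alice:$6$examplesalt$" + "A" * 86,
    "bob:$apr1$examples$" + "B" * 22,
    "carol:{SHA}" + "C" * 27 + "=",
    "dave:hunter2",
    "erin",
])
```

Calling `audit()` on the contents of the htpasswd file returns an empty list when every record uses SHA-256 or SHA-512 crypt; records rated `unlisted` need their format checked against the validator before use.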
General Configuration
Using this back-end requires defining a validator based on shibboleth.HTPasswdCredentialValidator in the shibboleth.authn.Password.Validators bean.
In the simple case of a single back-end:
Defining use of htpasswd file in password-authn-config.xml
<util:list id="shibboleth.authn.Password.Validators">
    <bean parent="shibboleth.HTPasswdCredentialValidator"
          p:resource="%{idp.home}/conf/authn/htpasswd.txt" />
</util:list>
Refer to the HTPasswdCredentialValidator javadoc for a complete summary of options.
If the supplied resource is a file, the software will monitor the file for changes and reload it automatically. If the resource is not a file, the records are loaded only at startup.